CVE-2026-25639 (GCVE-0-2026-25639)
Vulnerability from cvelistv5 – Published: 2026-02-09 20:11 – Updated: 2026-02-18 17:16
CWE-754 - Improper Check for Unusual or Exceptional Conditions
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25639",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T15:39:46.394625Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T15:59:44.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "axios",
"vendor": "axios",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.13.5"
},
{
"status": "affected",
"version": "\u003c 0.30.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in versions 0.30.3 and 1.13.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T17:16:16.391Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
},
{
"name": "https://github.com/axios/axios/pull/7369",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/pull/7369"
},
{
"name": "https://github.com/axios/axios/pull/7388",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/pull/7388"
},
{
"name": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"name": "https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e"
},
{
"name": "https://github.com/axios/axios/releases/tag/v0.30.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/releases/tag/v0.30.3"
},
{
"name": "https://github.com/axios/axios/releases/tag/v1.13.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
}
],
"source": {
"advisory": "GHSA-43fc-jf86-j433",
"discovery": "UNKNOWN"
},
"title": "Axios affected by Denial of Service via __proto__ Key in mergeConfig"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25639",
"datePublished": "2026-02-09T20:11:22.374Z",
"dateReserved": "2026-02-04T05:15:41.791Z",
"dateUpdated": "2026-02-18T17:16:16.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-25639\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-02-09T21:15:49.010\",\"lastModified\":\"2026-02-18T18:24:34.120\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in versions 0.30.3 and 1.13.5.\"},{\"lang\":\"es\",\"value\":\"Axios es un cliente HTTP basado en promesas para el navegador y Node.js. Antes de la versi\u00f3n 1.13.5, la funci\u00f3n mergeConfig en axios falla con un TypeError al procesar objetos de configuraci\u00f3n que contienen __proto__ como propiedad propia. Un atacante puede desencadenar esto proporcionando un objeto de configuraci\u00f3n malicioso creado a trav\u00e9s de JSON.parse(), causando una denegaci\u00f3n de servicio completa. 
Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 1.13.5.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-754\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"1.13.5\",\"matchCriteriaId\":\"A8935935-994A-4A4E-9FBB-E83C9EF0B2E3\"}]}]}],\"references\":[{\"url\":\"https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/axios/axios/pull/7369\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/axios/axios/pull/7388\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/axios/axios/releases/tag/v0.30.3\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/axios/axios/releases/tag/v1.13.5\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-25639\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-10T15:39:46.394625Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-10T15:39:47.277Z\"}}], \"cna\": {\"title\": \"Axios affected by Denial of Service via __proto__ Key in mergeConfig\", \"source\": {\"advisory\": \"GHSA-43fc-jf86-j433\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"axios\", \"product\": \"axios\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 1.0.0, \u003c 1.13.5\"}, {\"status\": \"affected\", \"version\": \"\u003c 0.30.3\"}]}], \"references\": [{\"url\": \"https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433\", \"name\": \"https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/axios/axios/pull/7369\", \"name\": \"https://github.com/axios/axios/pull/7369\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/axios/axios/pull/7388\", \"name\": \"https://github.com/axios/axios/pull/7388\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57\", \"name\": 
\"https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e\", \"name\": \"https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/axios/axios/releases/tag/v0.30.3\", \"name\": \"https://github.com/axios/axios/releases/tag/v0.30.3\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/axios/axios/releases/tag/v1.13.5\", \"name\": \"https://github.com/axios/axios/releases/tag/v1.13.5\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in versions 0.30.3 and 1.13.5.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-754\", \"description\": \"CWE-754: Improper Check for Unusual or Exceptional Conditions\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-02-18T17:16:16.391Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-25639\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-18T17:16:16.391Z\", \"dateReserved\": \"2026-02-04T05:15:41.791Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-02-09T20:11:22.374Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
GHSA-43FC-JF86-J433
Vulnerability from github – Published: 2026-02-09 17:46 – Updated: 2026-02-18 17:16
Denial of Service via __proto__ Key in mergeConfig
Summary
The mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
Details
The vulnerability exists in lib/core/mergeConfig.js at lines 98-101:
// Excerpt quoted by the advisory from lib/core/mergeConfig.js (vulnerable form,
// i.e. before the fixes released in 0.30.3 and 1.13.5).
// For every key present in either input config, select a merge strategy and
// store the merged value on the result object `config`.
utils.forEach(Object.keys({ ...config1, ...config2 }), function computeConfigValue(prop) {
// Root cause: a plain bracket lookup also consults the prototype chain. Per the
// advisory, for prop === '__proto__' this yields Object.prototype, which is truthy
// but not callable, so the `|| mergeDeepProperties` fallback is never taken.
// NOTE(review): restricting the lookup to own properties, e.g.
// Object.prototype.hasOwnProperty.call(mergeMap, prop), would keep inherited names
// out of strategy selection — confirm against the referenced fix commits.
const merge = mergeMap[prop] || mergeDeepProperties;
// `merge` is invoked without a type check; this is the line that throws
// "TypeError: merge is not a function" when the lookup above returned a non-function.
const configValue = merge(config1[prop], config2[prop], prop);
// Short-circuit assignment: skip the write only when the merged value is undefined
// and the strategy is not mergeDirectKeys; otherwise config[prop] is set.
(utils.isUndefined(configValue) && merge !== mergeDirectKeys) || (config[prop] = configValue);
});
When prop is '__proto__':
1. JSON.parse('{"__proto__": {...}}') creates an object with __proto__ as an own enumerable property
2. Object.keys() includes '__proto__' in the iteration
3. mergeMap['__proto__'] performs prototype chain lookup, returning Object.prototype (truthy object)
4. The expression mergeMap[prop] || mergeDeepProperties evaluates to Object.prototype
5. Object.prototype(...) throws TypeError: merge is not a function
The mergeConfig function is called by:
- Axios._request() at lib/core/Axios.js:75
- Axios.getUri() at lib/core/Axios.js:201
- All HTTP method shortcuts (get, post, etc.) at lib/core/Axios.js:211,224
PoC
// Reproduction case from the advisory; it applies to axios releases before
// 0.30.3 (0.x line) and before 1.13.5 (1.x line).
import axios from "axios";
// Per the advisory, JSON.parse() stores "__proto__" as an own enumerable property
// of the resulting object, so Object.keys() later enumerates it like any other key.
const maliciousConfig = JSON.parse('{"__proto__": {"x": 1}}');
// The parsed object is handed over as the request config, so mergeConfig iterates
// the "__proto__" key and throws "TypeError: merge is not a function".
// Review point: the pattern to look for in application code is parsed external
// input reaching the axios config argument wholesale; build the config from an
// explicit allow-list of fields and upgrade to a fixed release.
await axios.get("https://httpbin.org/get", maliciousConfig);
Reproduction steps:
1. Clone axios repository or npm install axios
2. Create file poc.mjs with the code above
3. Run: node poc.mjs
4. Observe the TypeError crash
Verified output (axios 1.13.4):
TypeError: merge is not a function
at computeConfigValue (lib/core/mergeConfig.js:100:25)
at Object.forEach (lib/utils.js:280:10)
at mergeConfig (lib/core/mergeConfig.js:98:9)
Control tests performed:
| Test | Config | Result |
|------|--------|--------|
| Normal config | {"timeout": 5000} | SUCCESS |
| Malicious config | JSON.parse('{"__proto__": {"x": 1}}') | CRASH |
| Nested object | {"headers": {"X-Test": "value"}} | SUCCESS |
Attack scenario:
An application that accepts user input, parses it with JSON.parse(), and passes it to axios configuration will crash when receiving the payload {"__proto__": {"x": 1}}.
Impact
Denial of Service - Any application using axios that processes user-controlled JSON and passes it to axios configuration methods is vulnerable. The application will crash when processing the malicious payload.
Affected environments:
- Node.js servers using axios for HTTP requests
- Any backend that passes parsed JSON to axios configuration
This is NOT prototype pollution - the application crashes before any assignment occurs.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.13.4"
},
"package": {
"ecosystem": "npm",
"name": "axios"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.13.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.30.2"
},
"package": {
"ecosystem": "npm",
"name": "axios"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.30.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-25639"
],
"database_specific": {
"cwe_ids": [
"CWE-754"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-09T17:46:14Z",
"nvd_published_at": "2026-02-09T21:15:49Z",
"severity": "HIGH"
},
"details": "# Denial of Service via **proto** Key in mergeConfig\n\n### Summary\n\nThe `mergeConfig` function in axios crashes with a TypeError when processing configuration objects containing `__proto__` as an own property. An attacker can trigger this by providing a malicious configuration object created via `JSON.parse()`, causing complete denial of service.\n\n### Details\n\nThe vulnerability exists in `lib/core/mergeConfig.js` at lines 98-101:\n\n```javascript\nutils.forEach(Object.keys({ ...config1, ...config2 }), function computeConfigValue(prop) {\n const merge = mergeMap[prop] || mergeDeepProperties;\n const configValue = merge(config1[prop], config2[prop], prop);\n (utils.isUndefined(configValue) \u0026\u0026 merge !== mergeDirectKeys) || (config[prop] = configValue);\n});\n```\n\nWhen `prop` is `\u0027__proto__\u0027`:\n\n1. `JSON.parse(\u0027{\"__proto__\": {...}}\u0027)` creates an object with `__proto__` as an own enumerable property\n2. `Object.keys()` includes `\u0027__proto__\u0027` in the iteration\n3. `mergeMap[\u0027__proto__\u0027]` performs prototype chain lookup, returning `Object.prototype` (truthy object)\n4. The expression `mergeMap[prop] || mergeDeepProperties` evaluates to `Object.prototype`\n5. `Object.prototype(...)` throws `TypeError: merge is not a function`\n\nThe `mergeConfig` function is called by:\n\n- `Axios._request()` at `lib/core/Axios.js:75`\n- `Axios.getUri()` at `lib/core/Axios.js:201`\n- All HTTP method shortcuts (`get`, `post`, etc.) at `lib/core/Axios.js:211,224`\n\n### PoC\n\n```javascript\nimport axios from \"axios\";\n\nconst maliciousConfig = JSON.parse(\u0027{\"__proto__\": {\"x\": 1}}\u0027);\nawait axios.get(\"https://httpbin.org/get\", maliciousConfig);\n```\n\n**Reproduction steps:**\n\n1. Clone axios repository or `npm install axios`\n2. Create file `poc.mjs` with the code above\n3. Run: `node poc.mjs`\n4. 
Observe the TypeError crash\n\n**Verified output (axios 1.13.4):**\n\n```\nTypeError: merge is not a function\n at computeConfigValue (lib/core/mergeConfig.js:100:25)\n at Object.forEach (lib/utils.js:280:10)\n at mergeConfig (lib/core/mergeConfig.js:98:9)\n```\n\n**Control tests performed:**\n| Test | Config | Result |\n|------|--------|--------|\n| Normal config | `{\"timeout\": 5000}` | SUCCESS |\n| Malicious config | `JSON.parse(\u0027{\"__proto__\": {\"x\": 1}}\u0027)` | **CRASH** |\n| Nested object | `{\"headers\": {\"X-Test\": \"value\"}}` | SUCCESS |\n\n**Attack scenario:**\nAn application that accepts user input, parses it with `JSON.parse()`, and passes it to axios configuration will crash when receiving the payload `{\"__proto__\": {\"x\": 1}}`.\n\n### Impact\n\n**Denial of Service** - Any application using axios that processes user-controlled JSON and passes it to axios configuration methods is vulnerable. The application will crash when processing the malicious payload.\n\nAffected environments:\n\n- Node.js servers using axios for HTTP requests\n- Any backend that passes parsed JSON to axios configuration\n\nThis is NOT prototype pollution - the application crashes before any assignment occurs.",
"id": "GHSA-43fc-jf86-j433",
"modified": "2026-02-18T17:16:28Z",
"published": "2026-02-09T17:46:14Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/pull/7369"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/pull/7388"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e"
},
{
"type": "PACKAGE",
"url": "https://github.com/axios/axios"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/releases/tag/v0.30.3"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig"
}
RHSA-2026:5168
Vulnerability from csaf_redhat - Published: 2026-03-19 19:18 - Updated: 2026-03-21 02:54
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.
A denial of service flaw has been discovered in the Axios npm package. The mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
A flaw was found in the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.
A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA, it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this.
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).
A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a "none" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.9.19 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.9.19",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5168",
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69873",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25990",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26007",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26996",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27628",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27904",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28802",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5168.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.9.19",
"tracking": {
"current_release_date": "2026-03-21T02:54:43+00:00",
"generator": {
"date": "2026-03-21T02:54:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:5168",
"initial_release_date": "2026-03-19T19:18:06+00:00",
"revision_history": [
{
"date": "2026-03-19T19:18:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-19T19:18:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-21T02:54:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.9",
"product": {
"name": "Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.9::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931764"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ad97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931180"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931771"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931200"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772739181"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Acb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772728539"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772725093"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773939659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Af5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931187"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Add567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773936323"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931180"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Ace8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931200"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1772728539"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ae16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1772725093"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931187"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773936323"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931180"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Aca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931200"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1772728539"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1772725093"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Aa6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931187"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ad64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773936323"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. For this reason, this vulnerability has been rated Important in severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: Unexpected session resumption in crypto/tls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: Unexpected session resumption in crypto/tls"
},
{
"cve": "CVE-2025-69873",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-11T19:01:32.953264+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ajv: ReDoS via $data reference",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, the $data option must be enabled and the attacker must be able to send a payload containing a specially crafted regular expression to the application processing the input. A 31-character payload causes approximately 44 seconds of execution, with each additional character doubling the execution time. Therefore, even a small payload can cause an application to become unresponsive and eventually result in a denial of service. For this reason, this flaw has been rated as Important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "RHBZ#2439070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md",
"url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
}
],
"release_date": "2026-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ajv: ReDoS via $data reference"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. The mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-25990",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-02-11T21:05:39.535631+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439170"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "RHBZ#2439170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439170"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa",
"url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
}
],
"release_date": "2026-02-11T20:53:52.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image"
},
{
"cve": "CVE-2026-26007",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2026-02-10T22:01:01.036116+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438762"
}
],
"notes": [
{
"category": "description",
"text": "A validation flaw has been discovered in the Python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor \u003e 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA, it\u0027s easy to forge signatures on the small subgroup. Only SECT curves are impacted by this.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "RHBZ#2438762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438762"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c",
"url": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2"
}
],
"release_date": "2026-02-10T21:42:56.471000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
},
{
"cve": "CVE-2026-27628",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-02-25T04:02:09.864561+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442543"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to supply a crafted PDF file to be processed by an application using the pypdf library. This issue can cause the application to enter an infinite loop and consume a high amount of CPU resources, eventually resulting in a denial of service with no other security impact. For these reasons, this vulnerability has been rated as having a moderate impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "RHBZ#2442543",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442543"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27628"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f",
"url": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/issues/3654",
"url": "https://github.com/py-pdf/pypdf/issues/3654"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35",
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35"
}
],
"release_date": "2026-02-25T02:45:37.543000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria, which comprise ease of use and deployment, applicability to a widespread installation base, and stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams"
},
{
"cve": "CVE-2026-27904",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-26T02:01:23.004531+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442922"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "RHBZ#2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"
}
],
"release_date": "2026-02-26T01:07:42.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
},
{
"cve": "CVE-2026-28802",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-06T07:01:49.366979+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445120"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a \"none\" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "RHBZ#2445120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28802"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75",
"url": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7",
"url": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg"
}
],
"release_date": "2026-03-06T06:44:26.402000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access"
}
]
}
RHSA-2026:4942
Vulnerability from csaf_redhat - Published: 2026-03-18 16:21 - Updated: 2026-03-21 05:12
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
A path traversal flaw has been discovered in the Python wheel tool. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.
A denial of service flaw has been discovered in the Axios npm package. The mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
A flaw was found in the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).
A flaw was found in Authlib, a Python library used for creating secure authentication and authorization systems. This vulnerability, known as JWK (JSON Web Key) Header Injection, affects how Authlib verifies digital signatures in JWS (JSON Web Signature) tokens. An attacker can exploit this by creating a specially crafted token that includes their own cryptographic key in the header. When the system attempts to verify this token without a predefined key, it mistakenly uses the attacker's key, allowing them to bypass authentication and gain unauthorized access.
A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a "none" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.12.15 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.12.15",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:4942",
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24049",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25990",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26996",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27628",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27904",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27962",
"url": "https://access.redhat.com/security/cve/CVE-2026-27962"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28802",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4942.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.12.15",
"tracking": {
"current_release_date": "2026-03-21T05:12:24+00:00",
"generator": {
"date": "2026-03-21T05:12:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:4942",
"initial_release_date": "2026-03-18T16:21:15+00:00",
"revision_history": [
{
"date": "2026-03-18T16:21:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-18T16:21:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-21T05:12:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.12",
"product": {
"name": "Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773766026"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Aa5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765467"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765477"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Ac3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772132933"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054202"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054192"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3Af4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773775889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773761676"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773771962"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765467"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Af15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765477"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054202"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054192"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Add1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773761676"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773771962"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765467"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765477"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054202"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ad547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054192"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773761676"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773771962"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765467"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765477"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054202"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054192"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773761676"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ae39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773771962"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate: when the error string is constructed within the `HostnameError.Error()` function, unbounded string concatenation leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: Unexpected session resumption in crypto/tls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: Unexpected session resumption in crypto/tls"
},
{
"cve": "CVE-2026-24049",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-22T05:00:54.709179+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431959"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the Python wheel tool. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "RHBZ#2431959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
"url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/releases/tag/0.46.2",
"url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
"url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
}
],
"release_date": "2026-01-22T04:02:08.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. The mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-25990",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-02-11T21:05:39.535631+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439170"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "RHBZ#2439170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439170"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa",
"url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
}
],
"release_date": "2026-02-11T20:53:52.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
},
{
"cve": "CVE-2026-27628",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-02-25T04:02:09.864561+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442543"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to supply a crafted PDF file to be processed by an application using the pypdf library. This issue can cause the application to enter an infinite loop and consume a high amount of CPU resources, eventually resulting in a denial of service with no other security impact. Due to these reasons, this vulnerability has been rated with a moderate impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "RHBZ#2442543",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442543"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27628"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f",
"url": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/issues/3654",
"url": "https://github.com/py-pdf/pypdf/issues/3654"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35",
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35"
}
],
"release_date": "2026-02-25T02:45:37.543000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams"
},
{
"cve": "CVE-2026-27904",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-26T02:01:23.004531+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442922"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "RHBZ#2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"
}
],
"release_date": "2026-02-26T01:07:42.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
},
{
"cve": "CVE-2026-27962",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-16T18:02:07.041902+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448164"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library used for creating secure authentication and authorization systems. This vulnerability, known as JWK (JSON Web Key) Header Injection, affects how Authlib verifies digital signatures in JWS (JSON Web Signature) tokens. An attacker can exploit this by creating a specially crafted token that includes their own cryptographic key in the header. When the system attempts to verify this token without a predefined key, it mistakenly uses the attacker\u0027s key, allowing them to bypass authentication and gain unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This critical vulnerability in Authlib\u0027s JWS implementation allows unauthenticated attackers to forge JWTs by embedding their own cryptographic key in the token header. The impact on confidentiality and integrity is high, as attackers can bypass authentication.\n\nThe impact for Red Hat Quay is rated as low because it imports authlib solely as a JWK parsing utility and performs all JWT signature verification through PyJWT, so the vulnerable jws.deserialize_compact() code path is never called.\n\nRed Hat OpenShift AI is not affected, since authlib is only present as a transitive dependency in the dev dependency group and is not included in production image builds, so the vulnerable code is not present in the shipped product.\n\nRed Hat Satellite is not affected, as authlib is only present as a dependency of fastmcp. In Satellite, fastmcp only invokes authlib through jwt.decode(), which cannot reach the vulnerable condition even with key=none.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27962"
},
{
"category": "external",
"summary": "RHBZ#2448164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448164"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27962",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27962"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27962",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27962"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681",
"url": "https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/releases/tag/v1.6.9",
"url": "https://github.com/authlib/authlib/releases/tag/v1.6.9"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5"
}
],
"release_date": "2026-03-16T17:34:38.946000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability"
},
{
"cve": "CVE-2026-28802",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-06T07:01:49.366979+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445120"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a \"none\" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "RHBZ#2445120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28802"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75",
"url": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7",
"url": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg"
}
],
"release_date": "2026-03-06T06:44:26.402000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access"
}
]
}
RHSA-2026:3106
Vulnerability from csaf_redhat - Published: 2026-02-23 17:14 - Updated: 2026-03-19 20:54
A denial of service flaw has been discovered in the Axios npm package. The mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 2.4.13 for Red Hat OpenShift Service Mesh 3.0\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 2.4.13, for Red Hat OpenShift Service Mesh 3.0, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently\n\nSecurity Fix(es):\n\n* kiali-ossmc-rhel9: Axios affected by Denial of Service via __proto__ Key in mergeConfig (CVE-2026-25639)\n\n* kiali-rhel9: Axios affected by Denial of Service via __proto__ Key in mergeConfig (CVE-2026-25639)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3106",
"url": "https://access.redhat.com/errata/RHSA-2026:3106"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-25639",
"url": "https://access.redhat.com/security/cve/cve-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3106.json"
}
],
"title": "Red Hat Security Advisory: Kiali 2.4.13 for Red Hat OpenShift Service Mesh 3.0",
"tracking": {
"current_release_date": "2026-03-19T20:54:50+00:00",
"generator": {
"date": "2026-03-19T20:54:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:3106",
"initial_release_date": "2026-02-23T17:14:27+00:00",
"revision_history": [
{
"date": "2026-02-23T17:14:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-23T17:14:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-19T20:54:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3",
"product": {
"name": "Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f3cc238553d49a1c5b3764f73eb507dc8d9edf9bea02e7168f78e2e7ac77682f_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f3cc238553d49a1c5b3764f73eb507dc8d9edf9bea02e7168f78e2e7ac77682f_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f3cc238553d49a1c5b3764f73eb507dc8d9edf9bea02e7168f78e2e7ac77682f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Af3cc238553d49a1c5b3764f73eb507dc8d9edf9bea02e7168f78e2e7ac77682f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771373071"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f342935b5de0a471c12d3396374d2075381ff9aec4d75eabd3c6b26346e501d6_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f342935b5de0a471c12d3396374d2075381ff9aec4d75eabd3c6b26346e501d6_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f342935b5de0a471c12d3396374d2075381ff9aec4d75eabd3c6b26346e501d6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Af342935b5de0a471c12d3396374d2075381ff9aec4d75eabd3c6b26346e501d6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771372940"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cb5db65d47da4e5761ae6c7b73b1c1fd889195e7021569ca41a30f91bbba375_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cb5db65d47da4e5761ae6c7b73b1c1fd889195e7021569ca41a30f91bbba375_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cb5db65d47da4e5761ae6c7b73b1c1fd889195e7021569ca41a30f91bbba375_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A6cb5db65d47da4e5761ae6c7b73b1c1fd889195e7021569ca41a30f91bbba375?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771373071"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:38243f02786d10064768d4355d8ba80eb5c0892c912730682c58c6b259629a98_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:38243f02786d10064768d4355d8ba80eb5c0892c912730682c58c6b259629a98_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:38243f02786d10064768d4355d8ba80eb5c0892c912730682c58c6b259629a98_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A38243f02786d10064768d4355d8ba80eb5c0892c912730682c58c6b259629a98?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771372940"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d014dc5331b395c2dbf42011f92b3ebd728b8078d3c16068d658cd42bd6f210d_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d014dc5331b395c2dbf42011f92b3ebd728b8078d3c16068d658cd42bd6f210d_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d014dc5331b395c2dbf42011f92b3ebd728b8078d3c16068d658cd42bd6f210d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Ad014dc5331b395c2dbf42011f92b3ebd728b8078d3c16068d658cd42bd6f210d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771373071"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e0e03701e6d67c1cc45566e5ce63708ccb054311cb469cded467f2d597b0a3ed_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e0e03701e6d67c1cc45566e5ce63708ccb054311cb469cded467f2d597b0a3ed_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e0e03701e6d67c1cc45566e5ce63708ccb054311cb469cded467f2d597b0a3ed_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Ae0e03701e6d67c1cc45566e5ce63708ccb054311cb469cded467f2d597b0a3ed?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771372940"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b28e264e46083f9004963e1ccebe25c01d9084d1c8489f3333c0eed2ea64ca35_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b28e264e46083f9004963e1ccebe25c01d9084d1c8489f3333c0eed2ea64ca35_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b28e264e46083f9004963e1ccebe25c01d9084d1c8489f3333c0eed2ea64ca35_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Ab28e264e46083f9004963e1ccebe25c01d9084d1c8489f3333c0eed2ea64ca35?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771373071"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:04b9efc9b9d4399cddc620cadbc4aa47636e8e90a8af43f8a28205736db82bbe_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:04b9efc9b9d4399cddc620cadbc4aa47636e8e90a8af43f8a28205736db82bbe_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:04b9efc9b9d4399cddc620cadbc4aa47636e8e90a8af43f8a28205736db82bbe_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A04b9efc9b9d4399cddc620cadbc4aa47636e8e90a8af43f8a28205736db82bbe?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771372940"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:04b9efc9b9d4399cddc620cadbc4aa47636e8e90a8af43f8a28205736db82bbe_s390x as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:04b9efc9b9d4399cddc620cadbc4aa47636e8e90a8af43f8a28205736db82bbe_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:04b9efc9b9d4399cddc620cadbc4aa47636e8e90a8af43f8a28205736db82bbe_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:38243f02786d10064768d4355d8ba80eb5c0892c912730682c58c6b259629a98_arm64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:38243f02786d10064768d4355d8ba80eb5c0892c912730682c58c6b259629a98_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:38243f02786d10064768d4355d8ba80eb5c0892c912730682c58c6b259629a98_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e0e03701e6d67c1cc45566e5ce63708ccb054311cb469cded467f2d597b0a3ed_ppc64le as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e0e03701e6d67c1cc45566e5ce63708ccb054311cb469cded467f2d597b0a3ed_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e0e03701e6d67c1cc45566e5ce63708ccb054311cb469cded467f2d597b0a3ed_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f342935b5de0a471c12d3396374d2075381ff9aec4d75eabd3c6b26346e501d6_amd64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f342935b5de0a471c12d3396374d2075381ff9aec4d75eabd3c6b26346e501d6_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f342935b5de0a471c12d3396374d2075381ff9aec4d75eabd3c6b26346e501d6_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cb5db65d47da4e5761ae6c7b73b1c1fd889195e7021569ca41a30f91bbba375_arm64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cb5db65d47da4e5761ae6c7b73b1c1fd889195e7021569ca41a30f91bbba375_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cb5db65d47da4e5761ae6c7b73b1c1fd889195e7021569ca41a30f91bbba375_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b28e264e46083f9004963e1ccebe25c01d9084d1c8489f3333c0eed2ea64ca35_s390x as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b28e264e46083f9004963e1ccebe25c01d9084d1c8489f3333c0eed2ea64ca35_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b28e264e46083f9004963e1ccebe25c01d9084d1c8489f3333c0eed2ea64ca35_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d014dc5331b395c2dbf42011f92b3ebd728b8078d3c16068d658cd42bd6f210d_ppc64le as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d014dc5331b395c2dbf42011f92b3ebd728b8078d3c16068d658cd42bd6f210d_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d014dc5331b395c2dbf42011f92b3ebd728b8078d3c16068d658cd42bd6f210d_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f3cc238553d49a1c5b3764f73eb507dc8d9edf9bea02e7168f78e2e7ac77682f_amd64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f3cc238553d49a1c5b3764f73eb507dc8d9edf9bea02e7168f78e2e7ac77682f_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f3cc238553d49a1c5b3764f73eb507dc8d9edf9bea02e7168f78e2e7ac77682f_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:04b9efc9b9d4399cddc620cadbc4aa47636e8e90a8af43f8a28205736db82bbe_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:38243f02786d10064768d4355d8ba80eb5c0892c912730682c58c6b259629a98_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e0e03701e6d67c1cc45566e5ce63708ccb054311cb469cded467f2d597b0a3ed_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f342935b5de0a471c12d3396374d2075381ff9aec4d75eabd3c6b26346e501d6_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cb5db65d47da4e5761ae6c7b73b1c1fd889195e7021569ca41a30f91bbba375_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b28e264e46083f9004963e1ccebe25c01d9084d1c8489f3333c0eed2ea64ca35_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d014dc5331b395c2dbf42011f92b3ebd728b8078d3c16068d658cd42bd6f210d_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f3cc238553d49a1c5b3764f73eb507dc8d9edf9bea02e7168f78e2e7ac77682f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T17:14:27+00:00",
"details": "See Kiali 2.4.13 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:04b9efc9b9d4399cddc620cadbc4aa47636e8e90a8af43f8a28205736db82bbe_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:38243f02786d10064768d4355d8ba80eb5c0892c912730682c58c6b259629a98_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e0e03701e6d67c1cc45566e5ce63708ccb054311cb469cded467f2d597b0a3ed_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f342935b5de0a471c12d3396374d2075381ff9aec4d75eabd3c6b26346e501d6_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cb5db65d47da4e5761ae6c7b73b1c1fd889195e7021569ca41a30f91bbba375_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b28e264e46083f9004963e1ccebe25c01d9084d1c8489f3333c0eed2ea64ca35_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d014dc5331b395c2dbf42011f92b3ebd728b8078d3c16068d658cd42bd6f210d_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f3cc238553d49a1c5b3764f73eb507dc8d9edf9bea02e7168f78e2e7ac77682f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3106"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:04b9efc9b9d4399cddc620cadbc4aa47636e8e90a8af43f8a28205736db82bbe_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:38243f02786d10064768d4355d8ba80eb5c0892c912730682c58c6b259629a98_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e0e03701e6d67c1cc45566e5ce63708ccb054311cb469cded467f2d597b0a3ed_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f342935b5de0a471c12d3396374d2075381ff9aec4d75eabd3c6b26346e501d6_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cb5db65d47da4e5761ae6c7b73b1c1fd889195e7021569ca41a30f91bbba375_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b28e264e46083f9004963e1ccebe25c01d9084d1c8489f3333c0eed2ea64ca35_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d014dc5331b395c2dbf42011f92b3ebd728b8078d3c16068d658cd42bd6f210d_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f3cc238553d49a1c5b3764f73eb507dc8d9edf9bea02e7168f78e2e7ac77682f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:04b9efc9b9d4399cddc620cadbc4aa47636e8e90a8af43f8a28205736db82bbe_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:38243f02786d10064768d4355d8ba80eb5c0892c912730682c58c6b259629a98_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e0e03701e6d67c1cc45566e5ce63708ccb054311cb469cded467f2d597b0a3ed_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f342935b5de0a471c12d3396374d2075381ff9aec4d75eabd3c6b26346e501d6_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cb5db65d47da4e5761ae6c7b73b1c1fd889195e7021569ca41a30f91bbba375_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b28e264e46083f9004963e1ccebe25c01d9084d1c8489f3333c0eed2ea64ca35_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d014dc5331b395c2dbf42011f92b3ebd728b8078d3c16068d658cd42bd6f210d_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f3cc238553d49a1c5b3764f73eb507dc8d9edf9bea02e7168f78e2e7ac77682f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
}
]
}
RHSA-2026:2694
Vulnerability from csaf_redhat - Published: 2026-02-12 22:32 - Updated: 2026-03-20 21:22
A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.
A flaw was found in Django. A remote attacker can exploit this vulnerability by sending a crafted request containing multiple duplicate headers to the ASGIRequest component. This can lead to a potential Denial of Service (DoS), making the affected system unavailable to legitimate users.
A flaw was found in Django. A remote attacker could inject SQL commands by manipulating the band index parameter during raster lookups on `RasterField` (only implemented on PostGIS). This SQL injection vulnerability could lead to unauthorized information disclosure, data alteration, or denial of service.
A flaw was found in Django. A remote attacker can exploit this vulnerability by providing crafted inputs containing a large number of unmatched HTML end tags to the `django.utils.text.Truncator.chars()` and `Truncator.words()` methods (when `html=True`), or through the `truncatechars_html` and `truncatewords_html` template filters. This can lead to a denial-of-service (DoS) condition, making the application unavailable to legitimate users.
A flaw was found in Django. This vulnerability allows a remote attacker to perform SQL injection by using specially crafted control characters within column aliases. When these crafted aliases are passed through dictionary expansion to `QuerySet` methods like `annotate()` or `values()`, it can lead to the execution of arbitrary SQL commands. This could result in unauthorized access to sensitive data or modification of information within the database.
A flaw was found in Django. A remote attacker could exploit a SQL injection vulnerability in the `.QuerySet.order_by()` method. This occurs when column aliases containing periods are used, and the same alias is also present in `FilteredRelation` via a specially crafted dictionary. Successful exploitation could lead to unauthorized information disclosure or arbitrary code execution within the database.
A cross-site scripting flaw has been discovered in the npm react-router and @remix-run/router packages. React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended JavaScript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect.
A path traversal flaw has been discovered in the Python wheel tool. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.
A denial of service flaw has been discovered in the Axios npm package. The mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
A validation flaw has been discovered in the Python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA, it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A Subscription Management tool for finding and reporting Red Hat product usage",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,\nidentifies, and reports environment data, or facts, such as the number of physical and virtual\nsystems on a network, their operating systems, and relevant configuration data stored within\nthem. Discovery also identifies and reports more detailed facts for some versions of key\nRed Hat packages and products that it finds in the network.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2694",
"url": "https://access.redhat.com/errata/RHSA-2026:2694"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-13465",
"url": "https://access.redhat.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-14550",
"url": "https://access.redhat.com/security/cve/CVE-2025-14550"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1207",
"url": "https://access.redhat.com/security/cve/CVE-2026-1207"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1285",
"url": "https://access.redhat.com/security/cve/CVE-2026-1285"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1287",
"url": "https://access.redhat.com/security/cve/CVE-2026-1287"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1312",
"url": "https://access.redhat.com/security/cve/CVE-2026-1312"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22029",
"url": "https://access.redhat.com/security/cve/CVE-2026-22029"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24049",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26007",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery",
"url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2694.json"
}
],
"title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage",
"tracking": {
"current_release_date": "2026-03-20T21:22:48+00:00",
"generator": {
"date": "2026-03-20T21:22:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:2694",
"initial_release_date": "2026-02-12T22:32:47+00:00",
"revision_history": [
{
"date": "2026-02-12T22:32:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-12T22:32:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-20T21:22:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Discovery 2",
"product": {
"name": "Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:discovery:2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Discovery"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3Af5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1770913597"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1770913709"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3Acdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1770913597"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1770913709"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-13465",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2026-01-21T20:01:28.774829+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431740"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lodash: prototype pollution in _.unset and _.omit functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is only exploitable by applications using the _.unset and _.omit functions on an object and allowing user input to determine the path of the property to be removed. This issue only allows the deletion of properties but does not allow overwriting their behavior, limiting the impact to a denial of service. For this reason, this vulnerability has been rated with an important severity.\n\nIn Grafana, JavaScript code runs only in the browser, while the server side is all Golang. Therefore, the worst-case scenario is a loss of functionality in the client application inside the browser. To reflect this, the CVSS availability metric and the severity of the Grafana and the Grafana-PCP components have been updated to low and moderate, respectively.\n\nThe lodash dependency is bundled and used by the pcs-web-ui component of the PCS package. In Red Hat Enterprise Linux 8.10, the pcs-web-ui component is no longer included in the PCS package. As a result, RHEL 8.10 does not ship the vulnerable lodash component within PCS and is therefore not affected by this CVE.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "RHBZ#2431740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431740"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465"
},
{
"category": "external",
"summary": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
"url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
}
],
"release_date": "2026-01-21T19:05:28.846000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T22:32:47+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2694"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement strict input validation before passing any property paths to the _.unset and _.omit functions to block attempts to access the prototype chain. For example, ensure that strings such as __proto__, constructor and prototype are blocked.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "lodash: prototype pollution in _.unset and _.omit functions"
},
{
"cve": "CVE-2025-14550",
"cwe": {
"id": "CWE-167",
"name": "Improper Handling of Additional Special Element"
},
"discovery_date": "2026-02-03T15:01:12.970018+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436341"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Django. A remote attacker can exploit this vulnerability by sending a crafted request containing multiple duplicate headers to the ASGIRequest component. This can lead to a potential Denial of Service (DoS), making the affected system unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Django: Django: Denial of Service via crafted request with duplicate headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This MODERATE impact denial-of-service flaw in Django affects Red Hat products utilizing the ASGIRequest component, such as Red Hat Ansible Automation Platform, Red Hat Discovery, and Red Hat Satellite. A remote attacker could send specially crafted requests containing duplicate headers, potentially rendering the affected system unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-14550"
},
{
"category": "external",
"summary": "RHBZ#2436341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-14550",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14550"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-14550",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14550"
},
{
"category": "external",
"summary": "https://docs.djangoproject.com/en/dev/releases/security/",
"url": "https://docs.djangoproject.com/en/dev/releases/security/"
},
{
"category": "external",
"summary": "https://groups.google.com/g/django-announce",
"url": "https://groups.google.com/g/django-announce"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/",
"url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"
}
],
"release_date": "2026-02-03T14:38:15.875000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T22:32:47+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2694"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Django: Django: Denial of Service via crafted request with duplicate headers"
},
{
"cve": "CVE-2026-1207",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2026-02-03T15:00:58.388707+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Django. A remote attacker could inject SQL commands by manipulating the band index parameter during raster lookups on `RasterField` (only implemented on PostGIS). This SQL injection vulnerability could lead to unauthorized information disclosure, data alteration, or denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Django: Django: SQL Injection via RasterField band index parameter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT flaw affects Django\u0027s `RasterField` when utilized with PostGIS, allowing remote SQL injection via the band index parameter. Red Hat Ansible Automation Platform, Red Hat Discovery, Red Hat Satellite, Insights, and Ansible Services are impacted if configured to use Django with PostGIS `RasterField` lookups. Successful exploitation could lead to unauthorized data access, modification, or denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1207"
},
{
"category": "external",
"summary": "RHBZ#2436338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1207",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1207"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1207",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1207"
},
{
"category": "external",
"summary": "https://docs.djangoproject.com/en/dev/releases/security/",
"url": "https://docs.djangoproject.com/en/dev/releases/security/"
},
{
"category": "external",
"summary": "https://groups.google.com/g/django-announce",
"url": "https://groups.google.com/g/django-announce"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/",
"url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"
}
],
"release_date": "2026-02-03T14:35:33.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T22:32:47+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2694"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Django: Django: SQL Injection via RasterField band index parameter"
},
{
"cve": "CVE-2026-1285",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-02-03T15:01:06.283620+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Django. A remote attacker can exploit this vulnerability by providing crafted inputs containing a large number of unmatched HTML end tags to the `django.utils.text.Truncator.chars()` and `Truncator.words()` methods (when `html=True`), or through the `truncatechars_html` and `truncatewords_html` template filters. This can lead to a denial-of-service (DoS) condition, making the application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Django: Django: Denial of Service via crafted HTML inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a MODERATE impact denial-of-service flaw in Django. Applications utilizing Django that process untrusted HTML inputs with a large number of unmatched end tags through the `Truncator.chars()` or `Truncator.words()` methods (with `html=True`), or the `truncatechars_html` and `truncatewords_html` template filters, may experience resource exhaustion. This can lead to the application becoming unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1285"
},
{
"category": "external",
"summary": "RHBZ#2436340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1285",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1285"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1285",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1285"
},
{
"category": "external",
"summary": "https://docs.djangoproject.com/en/dev/releases/security/",
"url": "https://docs.djangoproject.com/en/dev/releases/security/"
},
{
"category": "external",
"summary": "https://groups.google.com/g/django-announce",
"url": "https://groups.google.com/g/django-announce"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/",
"url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"
}
],
"release_date": "2026-02-03T14:35:50.254000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T22:32:47+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2694"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications utilizing Django should avoid processing untrusted HTML content through the `django.utils.text.Truncator.chars()` and `Truncator.words()` methods with `html=True`, or the `truncatechars_html` and `truncatewords_html` template filters. Restrict the use of these functions to only trusted inputs where the HTML structure is controlled and validated.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Django: Django: Denial of Service via crafted HTML inputs"
},
{
"cve": "CVE-2026-1287",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2026-02-03T15:01:03.441713+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Django. This vulnerability allows a remote attacker to perform SQL injection by using specially crafted control characters within column aliases. When these crafted aliases are passed through dictionary expansion to `QuerySet` methods like `annotate()` or `values()`, it can lead to the execution of arbitrary SQL commands. This could result in unauthorized access to sensitive data or modification of information within the database.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Django: Django: SQL Injection via crafted column aliases",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT SQL injection flaw in Django allows a remote attacker to execute arbitrary SQL commands by crafting column aliases. This vulnerability affects Red Hat products that incorporate Django, such as Red Hat Ansible Automation Platform, Red Hat Discovery, Red Hat Satellite, Insights, and Ansible Services, potentially leading to unauthorized data access or modification.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1287"
},
{
"category": "external",
"summary": "RHBZ#2436339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1287",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1287"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1287",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1287"
},
{
"category": "external",
"summary": "https://docs.djangoproject.com/en/dev/releases/security/",
"url": "https://docs.djangoproject.com/en/dev/releases/security/"
},
{
"category": "external",
"summary": "https://groups.google.com/g/django-announce",
"url": "https://groups.google.com/g/django-announce"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/",
"url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"
}
],
"release_date": "2026-02-03T14:36:03.630000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T22:32:47+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2694"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Django: Django: SQL Injection via crafted column aliases"
},
{
"cve": "CVE-2026-1312",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2026-02-03T15:01:18.274166+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Django. A remote attacker could exploit a SQL injection vulnerability in the `QuerySet.order_by()` method. This occurs when column aliases containing periods are used, and the same alias is also present in `FilteredRelation` via a specially crafted dictionary. Successful exploitation could lead to unauthorized information disclosure or arbitrary code execution within the database.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Django: Django: SQL injection via crafted column aliases in QuerySet.order_by()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT vulnerability in Django allows for SQL injection within the `QuerySet.order_by()` method. A remote attacker could exploit this by providing crafted column aliases that include periods, specifically when used with `FilteredRelation`. Successful exploitation may result in unauthorized information disclosure or arbitrary code execution against the underlying database. This affects Red Hat products that integrate Django, such as Red Hat Ansible Automation Platform and Red Hat Satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1312"
},
{
"category": "external",
"summary": "RHBZ#2436342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1312",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1312"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1312",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1312"
},
{
"category": "external",
"summary": "https://docs.djangoproject.com/en/dev/releases/security/",
"url": "https://docs.djangoproject.com/en/dev/releases/security/"
},
{
"category": "external",
"summary": "https://groups.google.com/g/django-announce",
"url": "https://groups.google.com/g/django-announce"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/",
"url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"
}
],
"release_date": "2026-02-03T14:36:23.257000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T22:32:47+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2694"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Django: Django: SQL injection via crafted column aliases in QuerySet.order_by()"
},
{
"cve": "CVE-2026-22029",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-01-10T04:01:03.694749+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428412"
}
],
"notes": [
{
"category": "description",
"text": "A cross site scripting flaw has been discovered in the npm react-router and @remix-run/router packages. React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22029"
},
{
"category": "external",
"summary": "RHBZ#2428412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428412"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22029",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029"
},
{
"category": "external",
"summary": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx",
"url": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx"
}
],
"release_date": "2026-01-10T02:42:32.736000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T22:32:47+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2694"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects"
},
{
"cve": "CVE-2026-24049",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-22T05:00:54.709179+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431959"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the python wheel tool. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "RHBZ#2431959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
"url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/releases/tag/0.46.2",
"url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
"url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
}
],
"release_date": "2026-01-22T04:02:08.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T22:32:47+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2694"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. The mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T22:32:47+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2694"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-26007",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2026-02-10T22:01:01.036116+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438762"
}
],
"notes": [
{
"category": "description",
"text": "A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor \u003e 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it\u0027s easy to forge signatures on the small subgroup. Only SECT curves are impacted by this.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "RHBZ#2438762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438762"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c",
"url": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2"
}
],
"release_date": "2026-02-10T21:42:56.471000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T22:32:47+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2694"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves"
}
]
}
RHSA-2026:3087
Vulnerability from csaf_redhat - Published: 2026-02-23 13:35 - Updated: 2026-03-21 05:10
A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
A flaw was found in Sigstore Timestamp Authority. This vulnerability allows a denial of service via excessive memory allocation when processing a specially crafted Object Identifier or Content-Type header.
A cross site scripting flaw has been discovered in the npm react-router and @remix-run/router packages. React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect.
A denial of service flaw has been discovered in the Axios npm package. The mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The 1.3.2 release of Red Hat Trusted Artifact Signer OpenShift Operator.\nFor more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3",
"title": "Topic"
},
{
"category": "general",
"text": "The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19 and 4.20",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3087",
"url": "https://access.redhat.com/errata/RHSA-2026:3087"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-13465",
"url": "https://access.redhat.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66564",
"url": "https://access.redhat.com/security/cve/CVE-2025-66564"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22029",
"url": "https://access.redhat.com/security/cve/CVE-2026-22029"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3087.json"
}
],
"title": "Red Hat Security Advisory: RHTAS 1.3.2 - Red Hat Trusted Artifact Signer Release",
"tracking": {
"current_release_date": "2026-03-21T05:10:39+00:00",
"generator": {
"date": "2026-03-21T05:10:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:3087",
"initial_release_date": "2026-02-23T13:35:49+00:00",
"revision_history": [
{
"date": "2026-02-23T13:35:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-23T13:37:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-21T05:10:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Trusted Artifact Signer 1.3",
"product": {
"name": "Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Trusted Artifact Signer"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64",
"product": {
"name": "registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64",
"product_id": "registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhtas-console-rhel9@sha256%3A9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1771324865"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64",
"product": {
"name": "registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64",
"product_id": "registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhtas-console-ui-rhel9@sha256%3Ae7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1771324807"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64"
},
"product_reference": "registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
},
"product_reference": "registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-13465",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2026-01-21T20:01:28.774829+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431740"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lodash: prototype pollution in _.unset and _.omit functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is only exploitable by applications using the _.unset and _.omit functions on an object and allowing user input to determine the path of the property to be removed. This issue only allows the deletion of properties but does not allow overwriting their behavior, limiting the impact to a denial of service. Due to this reason, this vulnerability has been rated with an important severity.\n\nIn Grafana, JavaScript code runs only in the browser, while the server side is all Golang. Therefore, the worst-case scenario is a loss of functionality in the client application inside the browser. To reflect this, the CVSS availability metric and the severity of the Grafana and the Grafana-PCP component have been updated to low and moderate, respectively.\n\nThe lodash dependency is bundled and used by the pcs-web-ui component of the PCS package. In Red Hat Enterprise Linux 8.10, the pcs-web-ui component is no longer included in the PCS package. As a result, RHEL 8.10 does not ship the vulnerable lodash component within PCS and is therefore not-affected by this CVE.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "RHBZ#2431740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431740"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465"
},
{
"category": "external",
"summary": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
"url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
}
],
"release_date": "2026-01-21T19:05:28.846000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T13:35:49+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3087"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement strict input validation before passing any property paths to the _.unset and _.omit functions to block attempts to access the prototype chain. Ensure that strings like __proto__, constructor and prototype are blocked, for example.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "lodash: prototype pollution in _.unset and _.omit functions"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T13:35:49+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3087"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-66564",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:11.786030+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419054"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Sigstore Timestamp Authority. This vulnerability allows a denial of service via excessive memory allocation when processing a specially crafted Object Identifier or Content-Type header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The Sigstore Timestamp Authority, a service for issuing RFC 3161 timestamps, is prone to excessive memory allocation. This occurs when processing untrusted OID payloads with many period characters or malformed Content-Type headers. An unauthenticated attacker could exploit this flaw to trigger a denial of service in affected Red Hat products that utilize this component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66564"
},
{
"category": "external",
"summary": "RHBZ#2419054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66564",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66564"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66564",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66564"
},
{
"category": "external",
"summary": "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421",
"url": "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421"
},
{
"category": "external",
"summary": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh",
"url": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh"
}
],
"release_date": "2025-12-04T22:37:13.307000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T13:35:49+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3087"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing"
},
{
"cve": "CVE-2026-22029",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-01-10T04:01:03.694749+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428412"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting flaw has been discovered in the npm react-router and @remix-run/router packages. React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended JavaScript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22029"
},
{
"category": "external",
"summary": "RHBZ#2428412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428412"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22029",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029"
},
{
"category": "external",
"summary": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx",
"url": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx"
}
],
"release_date": "2026-01-10T02:42:32.736000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T13:35:49+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3087"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. The mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T13:35:49+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3087"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
}
]
}
RHSA-2026:3107
Vulnerability from csaf_redhat - Published: 2026-02-23 17:16 - Updated: 2026-03-21 05:10
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
A denial of service flaw has been discovered in the Axios npm package. The mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 1.73.27 for Red Hat OpenShift Service Mesh 2.6\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 1.73.27, for Red Hat OpenShift Service Mesh 2.6, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage it efficiently.\n\nSecurity Fix(es):\n\n* kiali-ossmc-rhel8: Axios affected by Denial of Service via __proto__ Key in mergeConfig (CVE-2026-25639)\n\n* kiali-rhel8: Axios affected by Denial of Service via __proto__ Key in mergeConfig (CVE-2026-25639)\n\n* kiali-rhel8: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3107",
"url": "https://access.redhat.com/errata/RHSA-2026:3107"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61729",
"url": "https://access.redhat.com/security/cve/cve-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-25639",
"url": "https://access.redhat.com/security/cve/cve-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3107.json"
}
],
"title": "Red Hat Security Advisory: Kiali 1.73.27 for Red Hat OpenShift Service Mesh 2.6",
"tracking": {
"current_release_date": "2026-03-21T05:10:40+00:00",
"generator": {
"date": "2026-03-21T05:10:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:3107",
"initial_release_date": "2026-02-23T17:16:07+00:00",
"revision_history": [
{
"date": "2026-02-23T17:16:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-23T17:16:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-21T05:10:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 2.6",
"product": {
"name": "Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.6::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3A148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771230055"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3Afcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771229736"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3A87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771230055"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3A3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771229736"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3Ae2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771230055"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3Ae3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771229736"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3A4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771230055"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3A3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771229736"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate that is processed when the `HostnameError.Error()` function constructs its error string. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T17:16:07+00:00",
"details": "See Kiali 1.73.27 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3107"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. The mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T17:16:07+00:00",
"details": "See Kiali 1.73.27 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3107"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
}
]
}
RHSA-2026:3109
Vulnerability from csaf_redhat - Published: 2026-02-23 17:26 - Updated: 2026-03-19 20:54
A denial of service flaw has been discovered in the Axios npm package. The mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 2.17.4 for Red Hat OpenShift Service Mesh 3.2\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 2.17.4, for Red Hat OpenShift Service Mesh 3.2, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.\n\nSecurity Fix(es):\n\n* kiali-ossmc-rhel9: Axios affected by Denial of Service via __proto__ Key in mergeConfig (CVE-2026-25639)\n\n* kiali-rhel9: Axios affected by Denial of Service via __proto__ Key in mergeConfig (CVE-2026-25639) ",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3109",
"url": "https://access.redhat.com/errata/RHSA-2026:3109"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-25639",
"url": "https://access.redhat.com/security/cve/cve-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3109.json"
}
],
"title": "Red Hat Security Advisory: Kiali 2.17.4 for Red Hat OpenShift Service Mesh 3.2",
"tracking": {
"current_release_date": "2026-03-19T20:54:51+00:00",
"generator": {
"date": "2026-03-19T20:54:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:3109",
"initial_release_date": "2026-02-23T17:26:20+00:00",
"revision_history": [
{
"date": "2026-02-23T17:26:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-23T17:26:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-19T20:54:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.2",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6fe6ac64e2216011a4880a72adfcf1ae853845df3bd125a01899f24bedbc7845_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6fe6ac64e2216011a4880a72adfcf1ae853845df3bd125a01899f24bedbc7845_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6fe6ac64e2216011a4880a72adfcf1ae853845df3bd125a01899f24bedbc7845_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A6fe6ac64e2216011a4880a72adfcf1ae853845df3bd125a01899f24bedbc7845?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771385315"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:7a78b11e11473268cf0d31a0e7644995ded09e22419fc8f5400e54bf85acbc6a_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:7a78b11e11473268cf0d31a0e7644995ded09e22419fc8f5400e54bf85acbc6a_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:7a78b11e11473268cf0d31a0e7644995ded09e22419fc8f5400e54bf85acbc6a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-operator-bundle@sha256%3A7a78b11e11473268cf0d31a0e7644995ded09e22419fc8f5400e54bf85acbc6a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771390706"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:c772061859ad2bea98022c4a7e20dd731c5e468d8a91cd57576b0037cc500707_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:c772061859ad2bea98022c4a7e20dd731c5e468d8a91cd57576b0037cc500707_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:c772061859ad2bea98022c4a7e20dd731c5e468d8a91cd57576b0037cc500707_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9-operator@sha256%3Ac772061859ad2bea98022c4a7e20dd731c5e468d8a91cd57576b0037cc500707?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771384898"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3dfca839b5427175801d0cc515dc36bf85e08c3ffea98aff51f703ada9821367_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3dfca839b5427175801d0cc515dc36bf85e08c3ffea98aff51f703ada9821367_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3dfca839b5427175801d0cc515dc36bf85e08c3ffea98aff51f703ada9821367_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A3dfca839b5427175801d0cc515dc36bf85e08c3ffea98aff51f703ada9821367?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771229583"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:250cf403e11be8c7ed06e4660e8ed07c0a3b1d86d720735629fc28794d656ea2_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:250cf403e11be8c7ed06e4660e8ed07c0a3b1d86d720735629fc28794d656ea2_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:250cf403e11be8c7ed06e4660e8ed07c0a3b1d86d720735629fc28794d656ea2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A250cf403e11be8c7ed06e4660e8ed07c0a3b1d86d720735629fc28794d656ea2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771385315"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:3416a57b9f3d949a27d8b086bda2a092398d8bb83c12c1ca69fa72d41611f4be_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:3416a57b9f3d949a27d8b086bda2a092398d8bb83c12c1ca69fa72d41611f4be_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:3416a57b9f3d949a27d8b086bda2a092398d8bb83c12c1ca69fa72d41611f4be_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9-operator@sha256%3A3416a57b9f3d949a27d8b086bda2a092398d8bb83c12c1ca69fa72d41611f4be?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771384898"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8017912e8032510d47f667b8d17ddff6ff5a84576df2d484d09a6b0747454c4e_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8017912e8032510d47f667b8d17ddff6ff5a84576df2d484d09a6b0747454c4e_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8017912e8032510d47f667b8d17ddff6ff5a84576df2d484d09a6b0747454c4e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A8017912e8032510d47f667b8d17ddff6ff5a84576df2d484d09a6b0747454c4e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771229583"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:37b39a062649870a3b547e9310efbb5f720d413ccd6893c1ac660138d4388bf9_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:37b39a062649870a3b547e9310efbb5f720d413ccd6893c1ac660138d4388bf9_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:37b39a062649870a3b547e9310efbb5f720d413ccd6893c1ac660138d4388bf9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A37b39a062649870a3b547e9310efbb5f720d413ccd6893c1ac660138d4388bf9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771385315"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:44f463726ee4bb36daa3f35b7322c9a51f964f736509a20bed34411dd5aa6914_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:44f463726ee4bb36daa3f35b7322c9a51f964f736509a20bed34411dd5aa6914_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:44f463726ee4bb36daa3f35b7322c9a51f964f736509a20bed34411dd5aa6914_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9-operator@sha256%3A44f463726ee4bb36daa3f35b7322c9a51f964f736509a20bed34411dd5aa6914?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771384898"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:078ecde6a72a12099911e201456d8ffd09b4c21796b6c54fa8295600a974790c_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:078ecde6a72a12099911e201456d8ffd09b4c21796b6c54fa8295600a974790c_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:078ecde6a72a12099911e201456d8ffd09b4c21796b6c54fa8295600a974790c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A078ecde6a72a12099911e201456d8ffd09b4c21796b6c54fa8295600a974790c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771229583"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:5dc63a919b903103abba9331290438bb13864ae629078e0a698b23b57e0d7aa4_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:5dc63a919b903103abba9331290438bb13864ae629078e0a698b23b57e0d7aa4_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:5dc63a919b903103abba9331290438bb13864ae629078e0a698b23b57e0d7aa4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A5dc63a919b903103abba9331290438bb13864ae629078e0a698b23b57e0d7aa4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771385315"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:eec3c51f0d991ad8b8b387adf284ded13d15a4db33b151a4ae4949716c6b2479_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:eec3c51f0d991ad8b8b387adf284ded13d15a4db33b151a4ae4949716c6b2479_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:eec3c51f0d991ad8b8b387adf284ded13d15a4db33b151a4ae4949716c6b2479_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9-operator@sha256%3Aeec3c51f0d991ad8b8b387adf284ded13d15a4db33b151a4ae4949716c6b2479?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771384898"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3fff336de41113a2fa449e12c7c3023c1569a4085c9ed3d58f588401a0638e49_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3fff336de41113a2fa449e12c7c3023c1569a4085c9ed3d58f588401a0638e49_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3fff336de41113a2fa449e12c7c3023c1569a4085c9ed3d58f588401a0638e49_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A3fff336de41113a2fa449e12c7c3023c1569a4085c9ed3d58f588401a0638e49?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771229583"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:7a78b11e11473268cf0d31a0e7644995ded09e22419fc8f5400e54bf85acbc6a_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:7a78b11e11473268cf0d31a0e7644995ded09e22419fc8f5400e54bf85acbc6a_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:7a78b11e11473268cf0d31a0e7644995ded09e22419fc8f5400e54bf85acbc6a_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:078ecde6a72a12099911e201456d8ffd09b4c21796b6c54fa8295600a974790c_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:078ecde6a72a12099911e201456d8ffd09b4c21796b6c54fa8295600a974790c_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:078ecde6a72a12099911e201456d8ffd09b4c21796b6c54fa8295600a974790c_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3dfca839b5427175801d0cc515dc36bf85e08c3ffea98aff51f703ada9821367_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3dfca839b5427175801d0cc515dc36bf85e08c3ffea98aff51f703ada9821367_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3dfca839b5427175801d0cc515dc36bf85e08c3ffea98aff51f703ada9821367_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3fff336de41113a2fa449e12c7c3023c1569a4085c9ed3d58f588401a0638e49_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3fff336de41113a2fa449e12c7c3023c1569a4085c9ed3d58f588401a0638e49_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3fff336de41113a2fa449e12c7c3023c1569a4085c9ed3d58f588401a0638e49_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8017912e8032510d47f667b8d17ddff6ff5a84576df2d484d09a6b0747454c4e_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8017912e8032510d47f667b8d17ddff6ff5a84576df2d484d09a6b0747454c4e_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8017912e8032510d47f667b8d17ddff6ff5a84576df2d484d09a6b0747454c4e_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:3416a57b9f3d949a27d8b086bda2a092398d8bb83c12c1ca69fa72d41611f4be_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:3416a57b9f3d949a27d8b086bda2a092398d8bb83c12c1ca69fa72d41611f4be_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:3416a57b9f3d949a27d8b086bda2a092398d8bb83c12c1ca69fa72d41611f4be_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:44f463726ee4bb36daa3f35b7322c9a51f964f736509a20bed34411dd5aa6914_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:44f463726ee4bb36daa3f35b7322c9a51f964f736509a20bed34411dd5aa6914_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:44f463726ee4bb36daa3f35b7322c9a51f964f736509a20bed34411dd5aa6914_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:c772061859ad2bea98022c4a7e20dd731c5e468d8a91cd57576b0037cc500707_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:c772061859ad2bea98022c4a7e20dd731c5e468d8a91cd57576b0037cc500707_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:c772061859ad2bea98022c4a7e20dd731c5e468d8a91cd57576b0037cc500707_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:eec3c51f0d991ad8b8b387adf284ded13d15a4db33b151a4ae4949716c6b2479_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:eec3c51f0d991ad8b8b387adf284ded13d15a4db33b151a4ae4949716c6b2479_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:eec3c51f0d991ad8b8b387adf284ded13d15a4db33b151a4ae4949716c6b2479_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:250cf403e11be8c7ed06e4660e8ed07c0a3b1d86d720735629fc28794d656ea2_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:250cf403e11be8c7ed06e4660e8ed07c0a3b1d86d720735629fc28794d656ea2_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:250cf403e11be8c7ed06e4660e8ed07c0a3b1d86d720735629fc28794d656ea2_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:37b39a062649870a3b547e9310efbb5f720d413ccd6893c1ac660138d4388bf9_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:37b39a062649870a3b547e9310efbb5f720d413ccd6893c1ac660138d4388bf9_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:37b39a062649870a3b547e9310efbb5f720d413ccd6893c1ac660138d4388bf9_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:5dc63a919b903103abba9331290438bb13864ae629078e0a698b23b57e0d7aa4_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:5dc63a919b903103abba9331290438bb13864ae629078e0a698b23b57e0d7aa4_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:5dc63a919b903103abba9331290438bb13864ae629078e0a698b23b57e0d7aa4_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6fe6ac64e2216011a4880a72adfcf1ae853845df3bd125a01899f24bedbc7845_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6fe6ac64e2216011a4880a72adfcf1ae853845df3bd125a01899f24bedbc7845_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6fe6ac64e2216011a4880a72adfcf1ae853845df3bd125a01899f24bedbc7845_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:7a78b11e11473268cf0d31a0e7644995ded09e22419fc8f5400e54bf85acbc6a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:3416a57b9f3d949a27d8b086bda2a092398d8bb83c12c1ca69fa72d41611f4be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:44f463726ee4bb36daa3f35b7322c9a51f964f736509a20bed34411dd5aa6914_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:c772061859ad2bea98022c4a7e20dd731c5e468d8a91cd57576b0037cc500707_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:eec3c51f0d991ad8b8b387adf284ded13d15a4db33b151a4ae4949716c6b2479_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. The mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:078ecde6a72a12099911e201456d8ffd09b4c21796b6c54fa8295600a974790c_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3dfca839b5427175801d0cc515dc36bf85e08c3ffea98aff51f703ada9821367_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3fff336de41113a2fa449e12c7c3023c1569a4085c9ed3d58f588401a0638e49_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8017912e8032510d47f667b8d17ddff6ff5a84576df2d484d09a6b0747454c4e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:250cf403e11be8c7ed06e4660e8ed07c0a3b1d86d720735629fc28794d656ea2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:37b39a062649870a3b547e9310efbb5f720d413ccd6893c1ac660138d4388bf9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:5dc63a919b903103abba9331290438bb13864ae629078e0a698b23b57e0d7aa4_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6fe6ac64e2216011a4880a72adfcf1ae853845df3bd125a01899f24bedbc7845_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:7a78b11e11473268cf0d31a0e7644995ded09e22419fc8f5400e54bf85acbc6a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:3416a57b9f3d949a27d8b086bda2a092398d8bb83c12c1ca69fa72d41611f4be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:44f463726ee4bb36daa3f35b7322c9a51f964f736509a20bed34411dd5aa6914_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:c772061859ad2bea98022c4a7e20dd731c5e468d8a91cd57576b0037cc500707_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:eec3c51f0d991ad8b8b387adf284ded13d15a4db33b151a4ae4949716c6b2479_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T17:26:20+00:00",
"details": "See Kiali 2.17.4 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:078ecde6a72a12099911e201456d8ffd09b4c21796b6c54fa8295600a974790c_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3dfca839b5427175801d0cc515dc36bf85e08c3ffea98aff51f703ada9821367_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3fff336de41113a2fa449e12c7c3023c1569a4085c9ed3d58f588401a0638e49_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8017912e8032510d47f667b8d17ddff6ff5a84576df2d484d09a6b0747454c4e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:250cf403e11be8c7ed06e4660e8ed07c0a3b1d86d720735629fc28794d656ea2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:37b39a062649870a3b547e9310efbb5f720d413ccd6893c1ac660138d4388bf9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:5dc63a919b903103abba9331290438bb13864ae629078e0a698b23b57e0d7aa4_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6fe6ac64e2216011a4880a72adfcf1ae853845df3bd125a01899f24bedbc7845_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3109"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:7a78b11e11473268cf0d31a0e7644995ded09e22419fc8f5400e54bf85acbc6a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:078ecde6a72a12099911e201456d8ffd09b4c21796b6c54fa8295600a974790c_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3dfca839b5427175801d0cc515dc36bf85e08c3ffea98aff51f703ada9821367_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3fff336de41113a2fa449e12c7c3023c1569a4085c9ed3d58f588401a0638e49_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8017912e8032510d47f667b8d17ddff6ff5a84576df2d484d09a6b0747454c4e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:3416a57b9f3d949a27d8b086bda2a092398d8bb83c12c1ca69fa72d41611f4be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:44f463726ee4bb36daa3f35b7322c9a51f964f736509a20bed34411dd5aa6914_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:c772061859ad2bea98022c4a7e20dd731c5e468d8a91cd57576b0037cc500707_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:eec3c51f0d991ad8b8b387adf284ded13d15a4db33b151a4ae4949716c6b2479_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:250cf403e11be8c7ed06e4660e8ed07c0a3b1d86d720735629fc28794d656ea2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:37b39a062649870a3b547e9310efbb5f720d413ccd6893c1ac660138d4388bf9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:5dc63a919b903103abba9331290438bb13864ae629078e0a698b23b57e0d7aa4_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6fe6ac64e2216011a4880a72adfcf1ae853845df3bd125a01899f24bedbc7845_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:7a78b11e11473268cf0d31a0e7644995ded09e22419fc8f5400e54bf85acbc6a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:078ecde6a72a12099911e201456d8ffd09b4c21796b6c54fa8295600a974790c_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3dfca839b5427175801d0cc515dc36bf85e08c3ffea98aff51f703ada9821367_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3fff336de41113a2fa449e12c7c3023c1569a4085c9ed3d58f588401a0638e49_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8017912e8032510d47f667b8d17ddff6ff5a84576df2d484d09a6b0747454c4e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:3416a57b9f3d949a27d8b086bda2a092398d8bb83c12c1ca69fa72d41611f4be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:44f463726ee4bb36daa3f35b7322c9a51f964f736509a20bed34411dd5aa6914_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:c772061859ad2bea98022c4a7e20dd731c5e468d8a91cd57576b0037cc500707_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:eec3c51f0d991ad8b8b387adf284ded13d15a4db33b151a4ae4949716c6b2479_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:250cf403e11be8c7ed06e4660e8ed07c0a3b1d86d720735629fc28794d656ea2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:37b39a062649870a3b547e9310efbb5f720d413ccd6893c1ac660138d4388bf9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:5dc63a919b903103abba9331290438bb13864ae629078e0a698b23b57e0d7aa4_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6fe6ac64e2216011a4880a72adfcf1ae853845df3bd125a01899f24bedbc7845_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
}
]
}
RHSA-2026:3105
Vulnerability from csaf_redhat - Published: 2026-02-23 17:14 - Updated: 2026-03-19 20:54
A denial of service flaw has been discovered in the Axios npm package. The mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 2.11.7 for Red Hat OpenShift Service Mesh 3.1\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 2.11.7, for Red Hat OpenShift Service Mesh 3.1, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.\n\nSecurity Fix(es):\n\n* kiali-ossmc-rhel9: Axios affected by Denial of Service via __proto__ Key in mergeConfig (CVE-2026-25639)\n\n* kiali-rhel9: Axios affected by Denial of Service via __proto__ Key in mergeConfig (CVE-2026-25639)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3105",
"url": "https://access.redhat.com/errata/RHSA-2026:3105"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-25639",
"url": "https://access.redhat.com/security/cve/cve-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3105.json"
}
],
"title": "Red Hat Security Advisory: Kiali 2.11.7 for Red Hat OpenShift Service Mesh 3.1",
"tracking": {
"current_release_date": "2026-03-19T20:54:50+00:00",
"generator": {
"date": "2026-03-19T20:54:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:3105",
"initial_release_date": "2026-02-23T17:14:20+00:00",
"revision_history": [
{
"date": "2026-02-23T17:14:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-23T17:14:25+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-19T20:54:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.1",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e044ac52590a4e4747b264c066d56beb2a8360051fecd3880d5b806b069c2d35_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e044ac52590a4e4747b264c066d56beb2a8360051fecd3880d5b806b069c2d35_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e044ac52590a4e4747b264c066d56beb2a8360051fecd3880d5b806b069c2d35_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Ae044ac52590a4e4747b264c066d56beb2a8360051fecd3880d5b806b069c2d35?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771385160"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d9cc9e8c8323cfd63825308ed3c2dce098ddefaae34c173adb3015ffe70e818_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d9cc9e8c8323cfd63825308ed3c2dce098ddefaae34c173adb3015ffe70e818_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d9cc9e8c8323cfd63825308ed3c2dce098ddefaae34c173adb3015ffe70e818_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A7d9cc9e8c8323cfd63825308ed3c2dce098ddefaae34c173adb3015ffe70e818?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771372942"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:11766a5adbc2780b7620d69cf14cfda2d44bf27ecd5e56696e97491c0152f4af_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:11766a5adbc2780b7620d69cf14cfda2d44bf27ecd5e56696e97491c0152f4af_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:11766a5adbc2780b7620d69cf14cfda2d44bf27ecd5e56696e97491c0152f4af_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A11766a5adbc2780b7620d69cf14cfda2d44bf27ecd5e56696e97491c0152f4af?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771385160"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3a12696cddcbd01b02ae332b4f73316808680c5bfa56e3597817e997f8355ba7_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3a12696cddcbd01b02ae332b4f73316808680c5bfa56e3597817e997f8355ba7_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3a12696cddcbd01b02ae332b4f73316808680c5bfa56e3597817e997f8355ba7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A3a12696cddcbd01b02ae332b4f73316808680c5bfa56e3597817e997f8355ba7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771372942"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cda057051d2354ac54f49cacc382bb8ef05ae198543a6f996b9c9b85abc97d65_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cda057051d2354ac54f49cacc382bb8ef05ae198543a6f996b9c9b85abc97d65_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cda057051d2354ac54f49cacc382bb8ef05ae198543a6f996b9c9b85abc97d65_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Acda057051d2354ac54f49cacc382bb8ef05ae198543a6f996b9c9b85abc97d65?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771385160"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b180e0fcda8131effc98d2a032400362e60a9cc34f49fb72528bab279865bfc1_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b180e0fcda8131effc98d2a032400362e60a9cc34f49fb72528bab279865bfc1_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b180e0fcda8131effc98d2a032400362e60a9cc34f49fb72528bab279865bfc1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Ab180e0fcda8131effc98d2a032400362e60a9cc34f49fb72528bab279865bfc1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771372942"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8af3bb4095fbc3fbf144e27cc7cd77dc37fa018f72fd6b4fbaa0280cc468b93a_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8af3bb4095fbc3fbf144e27cc7cd77dc37fa018f72fd6b4fbaa0280cc468b93a_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8af3bb4095fbc3fbf144e27cc7cd77dc37fa018f72fd6b4fbaa0280cc468b93a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A8af3bb4095fbc3fbf144e27cc7cd77dc37fa018f72fd6b4fbaa0280cc468b93a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771385160"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:61a42cd27a26463b5ad014ad66b35e69b37c3d58fcaa2f5155dadee1e605e4bc_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:61a42cd27a26463b5ad014ad66b35e69b37c3d58fcaa2f5155dadee1e605e4bc_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:61a42cd27a26463b5ad014ad66b35e69b37c3d58fcaa2f5155dadee1e605e4bc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A61a42cd27a26463b5ad014ad66b35e69b37c3d58fcaa2f5155dadee1e605e4bc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771372942"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3a12696cddcbd01b02ae332b4f73316808680c5bfa56e3597817e997f8355ba7_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3a12696cddcbd01b02ae332b4f73316808680c5bfa56e3597817e997f8355ba7_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3a12696cddcbd01b02ae332b4f73316808680c5bfa56e3597817e997f8355ba7_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:61a42cd27a26463b5ad014ad66b35e69b37c3d58fcaa2f5155dadee1e605e4bc_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:61a42cd27a26463b5ad014ad66b35e69b37c3d58fcaa2f5155dadee1e605e4bc_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:61a42cd27a26463b5ad014ad66b35e69b37c3d58fcaa2f5155dadee1e605e4bc_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d9cc9e8c8323cfd63825308ed3c2dce098ddefaae34c173adb3015ffe70e818_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d9cc9e8c8323cfd63825308ed3c2dce098ddefaae34c173adb3015ffe70e818_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d9cc9e8c8323cfd63825308ed3c2dce098ddefaae34c173adb3015ffe70e818_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b180e0fcda8131effc98d2a032400362e60a9cc34f49fb72528bab279865bfc1_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b180e0fcda8131effc98d2a032400362e60a9cc34f49fb72528bab279865bfc1_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b180e0fcda8131effc98d2a032400362e60a9cc34f49fb72528bab279865bfc1_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:11766a5adbc2780b7620d69cf14cfda2d44bf27ecd5e56696e97491c0152f4af_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:11766a5adbc2780b7620d69cf14cfda2d44bf27ecd5e56696e97491c0152f4af_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:11766a5adbc2780b7620d69cf14cfda2d44bf27ecd5e56696e97491c0152f4af_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8af3bb4095fbc3fbf144e27cc7cd77dc37fa018f72fd6b4fbaa0280cc468b93a_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8af3bb4095fbc3fbf144e27cc7cd77dc37fa018f72fd6b4fbaa0280cc468b93a_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8af3bb4095fbc3fbf144e27cc7cd77dc37fa018f72fd6b4fbaa0280cc468b93a_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cda057051d2354ac54f49cacc382bb8ef05ae198543a6f996b9c9b85abc97d65_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cda057051d2354ac54f49cacc382bb8ef05ae198543a6f996b9c9b85abc97d65_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cda057051d2354ac54f49cacc382bb8ef05ae198543a6f996b9c9b85abc97d65_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e044ac52590a4e4747b264c066d56beb2a8360051fecd3880d5b806b069c2d35_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e044ac52590a4e4747b264c066d56beb2a8360051fecd3880d5b806b069c2d35_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e044ac52590a4e4747b264c066d56beb2a8360051fecd3880d5b806b069c2d35_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. The mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3a12696cddcbd01b02ae332b4f73316808680c5bfa56e3597817e997f8355ba7_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:61a42cd27a26463b5ad014ad66b35e69b37c3d58fcaa2f5155dadee1e605e4bc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d9cc9e8c8323cfd63825308ed3c2dce098ddefaae34c173adb3015ffe70e818_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b180e0fcda8131effc98d2a032400362e60a9cc34f49fb72528bab279865bfc1_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:11766a5adbc2780b7620d69cf14cfda2d44bf27ecd5e56696e97491c0152f4af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8af3bb4095fbc3fbf144e27cc7cd77dc37fa018f72fd6b4fbaa0280cc468b93a_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cda057051d2354ac54f49cacc382bb8ef05ae198543a6f996b9c9b85abc97d65_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e044ac52590a4e4747b264c066d56beb2a8360051fecd3880d5b806b069c2d35_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T17:14:20+00:00",
"details": "See Kiali 2.11.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3a12696cddcbd01b02ae332b4f73316808680c5bfa56e3597817e997f8355ba7_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:61a42cd27a26463b5ad014ad66b35e69b37c3d58fcaa2f5155dadee1e605e4bc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d9cc9e8c8323cfd63825308ed3c2dce098ddefaae34c173adb3015ffe70e818_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b180e0fcda8131effc98d2a032400362e60a9cc34f49fb72528bab279865bfc1_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:11766a5adbc2780b7620d69cf14cfda2d44bf27ecd5e56696e97491c0152f4af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8af3bb4095fbc3fbf144e27cc7cd77dc37fa018f72fd6b4fbaa0280cc468b93a_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cda057051d2354ac54f49cacc382bb8ef05ae198543a6f996b9c9b85abc97d65_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e044ac52590a4e4747b264c066d56beb2a8360051fecd3880d5b806b069c2d35_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3105"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3a12696cddcbd01b02ae332b4f73316808680c5bfa56e3597817e997f8355ba7_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:61a42cd27a26463b5ad014ad66b35e69b37c3d58fcaa2f5155dadee1e605e4bc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d9cc9e8c8323cfd63825308ed3c2dce098ddefaae34c173adb3015ffe70e818_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b180e0fcda8131effc98d2a032400362e60a9cc34f49fb72528bab279865bfc1_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:11766a5adbc2780b7620d69cf14cfda2d44bf27ecd5e56696e97491c0152f4af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8af3bb4095fbc3fbf144e27cc7cd77dc37fa018f72fd6b4fbaa0280cc468b93a_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cda057051d2354ac54f49cacc382bb8ef05ae198543a6f996b9c9b85abc97d65_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e044ac52590a4e4747b264c066d56beb2a8360051fecd3880d5b806b069c2d35_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:3a12696cddcbd01b02ae332b4f73316808680c5bfa56e3597817e997f8355ba7_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:61a42cd27a26463b5ad014ad66b35e69b37c3d58fcaa2f5155dadee1e605e4bc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d9cc9e8c8323cfd63825308ed3c2dce098ddefaae34c173adb3015ffe70e818_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b180e0fcda8131effc98d2a032400362e60a9cc34f49fb72528bab279865bfc1_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:11766a5adbc2780b7620d69cf14cfda2d44bf27ecd5e56696e97491c0152f4af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8af3bb4095fbc3fbf144e27cc7cd77dc37fa018f72fd6b4fbaa0280cc468b93a_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cda057051d2354ac54f49cacc382bb8ef05ae198543a6f996b9c9b85abc97d65_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e044ac52590a4e4747b264c066d56beb2a8360051fecd3880d5b806b069c2d35_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
}
]
}
FKIE_CVE-2026-25639
Vulnerability from fkie_nvd - Published: 2026-02-09 21:15 - Updated: 2026-02-18 18:24

| Source | URL | Tags |
|---|---|---|
| security-advisories@github.com | https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57 | Patch |
| security-advisories@github.com | https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e | |
| security-advisories@github.com | https://github.com/axios/axios/pull/7369 | |
| security-advisories@github.com | https://github.com/axios/axios/pull/7388 | |
| security-advisories@github.com | https://github.com/axios/axios/releases/tag/v0.30.3 | |
| security-advisories@github.com | https://github.com/axios/axios/releases/tag/v1.13.5 | Product, Release Notes |
| security-advisories@github.com | https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433 | Exploit, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "A8935935-994A-4A4E-9FBB-E83C9EF0B2E3",
"versionEndExcluding": "1.13.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in versions 0.30.3 and 1.13.5."
},
{
"lang": "es",
"value": "Axios es un cliente HTTP basado en promesas para el navegador y Node.js. Antes de la versi\u00f3n 1.13.5, la funci\u00f3n mergeConfig en axios falla con un TypeError al procesar objetos de configuraci\u00f3n que contienen __proto__ como propiedad propia. Un atacante puede desencadenar esto proporcionando un objeto de configuraci\u00f3n malicioso creado a trav\u00e9s de JSON.parse(), causando una denegaci\u00f3n de servicio completa. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 1.13.5."
}
],
"id": "CVE-2026-25639",
"lastModified": "2026-02-18T18:24:34.120",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-02-09T21:15:49.010",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/axios/axios/pull/7369"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/axios/axios/pull/7388"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/axios/axios/releases/tag/v0.30.3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product",
"Release Notes"
],
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
CERTFR-2026-AVI-0249
Vulnerability from certfr_avis - Published: 2026-03-06 - Updated: 2026-03-06
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| IBM | QRadar | QRadar Data Synchronization App versions antérieures à 3.3.0 |
| IBM | Db2 | DB2 Data Management Console versions antérieures à 3.1.13 |
| IBM | Tivoli | Tivoli Netcool/OMNIbus_GUI sans le dernier correctif de sécurité |
| IBM | Db2 | DB2 Recovery Expert versions antérieures à 5.5.0.1 Interim Fix 8 |
| IBM | Db2 | Db2 Warehouse on Cloud Pak for Data versions antérieures à 5.3.1 |
| IBM | Db2 | Db2 on Cloud Pak for Data versions antérieures à 5.3.1 |
| IBM | QRadar | QRadar Pre-Validation App versions antérieures à 2.0.2 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar Data Synchronization App versions ant\u00e9rieures \u00e0 3.3.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console versions ant\u00e9rieures \u00e0 3.1.13",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Tivoli Netcool/OMNIbus_GUI sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Recovery Expert versions ant\u00e9rieures \u00e0 5.5.0.1 Interim Fix 8",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.3.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.3.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Pre-Validation App versions ant\u00e9rieures \u00e0 2.0.2",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"name": "CVE-2021-33036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33036"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2025-53547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
},
{
"name": "CVE-2025-36353",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36353"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"name": "CVE-2025-58190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
},
{
"name": "CVE-2024-6531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6531"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2016-0703",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0703"
},
{
"name": "CVE-2025-5222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5222"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2025-13867",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13867"
},
{
"name": "CVE-2025-2668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2668"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-36427",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36427"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2025-32386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32386"
},
{
"name": "CVE-2024-35176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"name": "CVE-2025-32421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32421"
},
{
"name": "CVE-2025-47944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
},
{
"name": "CVE-2024-3154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3154"
},
{
"name": "CVE-2024-57980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57980"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2025-36384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36384"
},
{
"name": "CVE-2025-36098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36098"
},
{
"name": "CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2025-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36184"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2016-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0800"
},
{
"name": "CVE-2024-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2025-22121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22121"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-49128",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49128"
},
{
"name": "CVE-2025-22091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22091"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2025-36247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36247"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2025-36009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36009"
},
{
"name": "CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"name": "CVE-2024-51479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51479"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2025-36070",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36070"
},
{
"name": "CVE-2022-46337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46337"
},
{
"name": "CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2025-36428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36428"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2025-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2025-36424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36424"
},
{
"name": "CVE-2025-36387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36387"
},
{
"name": "CVE-2019-19921",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19921"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2025-64329",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64329"
},
{
"name": "CVE-2025-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27903"
},
{
"name": "CVE-2015-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1283"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-37958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37958"
},
{
"name": "CVE-2023-22041",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22041"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2016-4472",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4472"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
},
{
"name": "CVE-2024-9042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9042"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2024-31141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31141"
},
{
"name": "CVE-2025-30691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30691"
},
{
"name": "CVE-2025-57822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57822"
},
{
"name": "CVE-2024-53113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53113"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2025-67779",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67779"
},
{
"name": "CVE-2022-32743",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32743"
},
{
"name": "CVE-2025-55183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55183"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2024-12085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12085"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2023-22043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22043"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2024-36621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36621"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2025-55173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55173"
},
{
"name": "CVE-2024-40635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40635"
},
{
"name": "CVE-2024-48910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48910"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-38086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38086"
},
{
"name": "CVE-2025-48068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2022-40609",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
},
{
"name": "CVE-2018-5764",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5764"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2025-57752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57752"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2025-38110",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38110"
},
{
"name": "CVE-2020-15115",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15115"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2025-22113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22113"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2025-5187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5187"
},
{
"name": "CVE-2026-1188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
},
{
"name": "CVE-2025-37797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
},
{
"name": "CVE-2012-2098",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2098"
},
{
"name": "CVE-2024-41909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41909"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2023-35887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35887"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2024-56332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56332"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2026-25765",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25765"
},
{
"name": "CVE-2025-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7039"
},
{
"name": "CVE-2022-29458",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29458"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2025-38089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38089"
},
{
"name": "CVE-2023-2727",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2727"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2025-36425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36425"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2021-37404",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37404"
},
{
"name": "CVE-2025-58457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58457"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2025-47935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
},
{
"name": "CVE-2025-22085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22085"
},
{
"name": "CVE-2025-50537",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50537"
},
{
"name": "CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21626"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2016-0704",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0704"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2022-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29154"
},
{
"name": "CVE-2025-1767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1767"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-36001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36001"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2024-47875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"name": "CVE-2025-24294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2024-25621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
},
{
"name": "CVE-2025-36365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36365"
},
{
"name": "CVE-2023-42503",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42503"
},
{
"name": "CVE-2025-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27904"
},
{
"name": "CVE-2025-32387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32387"
},
{
"name": "CVE-2025-58058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58058"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-36442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36442"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-21905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21905"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-7339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
},
{
"name": "CVE-2025-14689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14689"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2024-47072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47072"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2025-36366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36366"
},
{
"name": "CVE-2025-36123",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36123"
},
{
"name": "CVE-2025-27900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27900"
},
{
"name": "CVE-2025-0426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0426"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-27899",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27899"
},
{
"name": "CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"name": "CVE-2023-22044",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22044"
},
{
"name": "CVE-2025-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48997"
},
{
"name": "CVE-2025-27901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27901"
},
{
"name": "CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"name": "CVE-2021-22570",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22570"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2025-27898",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27898"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2023-2728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2728"
},
{
"name": "CVE-2024-7143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7143"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-36407",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36407"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"name": "CVE-2025-55184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55184"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
},
{
"name": "CVE-2024-36623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36623"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2024-36620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36620"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2021-20251",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20251"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
}
],
"initial_release_date": "2026-03-06T00:00:00",
"last_revision_date": "2026-03-06T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0249",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-03-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262753",
"url": "https://www.ibm.com/support/pages/node/7262753"
},
{
"published_at": "2026-03-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262754",
"url": "https://www.ibm.com/support/pages/node/7262754"
},
{
"published_at": "2026-03-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262324",
"url": "https://www.ibm.com/support/pages/node/7262324"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262669",
"url": "https://www.ibm.com/support/pages/node/7262669"
},
{
"published_at": "2026-03-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262494",
"url": "https://www.ibm.com/support/pages/node/7262494"
},
{
"published_at": "2026-03-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262548",
"url": "https://www.ibm.com/support/pages/node/7262548"
},
{
"published_at": "2026-03-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262325",
"url": "https://www.ibm.com/support/pages/node/7262325"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7259901",
"url": "https://www.ibm.com/support/pages/node/7259901"
}
]
}
CERTFR-2026-AVI-0326
Vulnerability from certfr_avis - Published: 2026-03-20 - Updated: 2026-03-20
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| VMware | Tanzu Platform | Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 6.0.26+LTS-T |
| VMware | Tanzu Platform | Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 10.3.6 |
| VMware | Tanzu Platform | App Autoscaler CLI Plugin pour VMware Tanzu Platform versions antérieures à 250.6.9 |
| VMware | N/A | Python Buildpack versions antérieures à 1.8.83 |
| VMware | Tanzu Platform | Tanzu Platform versions antérieures à 3.1.9 |
| VMware | Tanzu Platform | Tanzu RabbitMQ sur Tanzu Platform versions antérieures à 2.4.4 |
| VMware | N/A | PHP Buildpack versions antérieures à 4.6.69 |
| VMware | Tanzu Platform | Tanzu Platform versions antérieures à 3.2.5 |
| VMware | Tanzu Platform | Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions antérieures à 10.2.9+LTS-T |
| VMware | Tanzu Platform | App Autoscaler CLI Plugin pour VMware Tanzu Platform versions antérieures à 250.5.17 |
| VMware | Tanzu Platform | Tanzu RabbitMQ pour Tanzu Platform versions antérieures à 10.1.2 |
| VMware | Tanzu Platform | Tanzu Platform versions antérieures à 2.4.6 |
| VMware | Tanzu Platform | Tanzu Platform versions antérieures à 1.16.18 |
| VMware | Tanzu Platform | Tanzu for Valkey sur Tanzu Platform versions antérieures à 10.2.2 |
| VMware | Tanzu Platform | Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions antérieures à 6.0.26+LTS-T |
| VMware | Tanzu Platform | Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 10.2.9+LTS-T |
| VMware | Tanzu Platform | Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions antérieures à 10.3.6 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.26+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.6",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "App Autoscaler CLI Plugin pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 250.6.9",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Python Buildpack versions ant\u00e9rieures \u00e0 1.8.83",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions ant\u00e9rieures \u00e0 3.1.9",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ sur Tanzu Platform versions ant\u00e9rieures \u00e0 2.4.4",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "PHP Buildpack versions ant\u00e9rieures \u00e0 4.6.69",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions ant\u00e9rieures \u00e0 3.2.5",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.9+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "App Autoscaler CLI Plugin pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 250.5.17",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ pour Tanzu Platform versions ant\u00e9rieures \u00e0 10.1.2",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions ant\u00e9rieures \u00e0 2.4.6",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions ant\u00e9rieures \u00e0 1.16.18",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu for Valkey sur Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.2",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.26+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.9+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.6",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-28422",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28422"
},
{
"name": "CVE-2024-36903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36903"
},
{
"name": "CVE-2024-35875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35875"
},
{
"name": "CVE-2022-50759",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50759"
},
{
"name": "CVE-2026-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
},
{
"name": "CVE-2025-71075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71075"
},
{
"name": "CVE-2024-49912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49912"
},
{
"name": "CVE-2024-36026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36026"
},
{
"name": "CVE-2026-23198",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23198"
},
{
"name": "CVE-2023-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3640"
},
{
"name": "CVE-2024-27435",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27435"
},
{
"name": "CVE-2025-40273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40273"
},
{
"name": "CVE-2023-53714",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53714"
},
{
"name": "CVE-2024-42122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42122"
},
{
"name": "CVE-2025-68230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68230"
},
{
"name": "CVE-2026-28420",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28420"
},
{
"name": "CVE-2022-49069",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49069"
},
{
"name": "CVE-2024-57875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57875"
},
{
"name": "CVE-2022-27943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27943"
},
{
"name": "CVE-2025-40064",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40064"
},
{
"name": "CVE-2023-54129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54129"
},
{
"name": "CVE-2025-66865",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66865"
},
{
"name": "CVE-2024-41031",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41031"
},
{
"name": "CVE-2025-39992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39992"
},
{
"name": "CVE-2025-69534",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69534"
},
{
"name": "CVE-2025-61730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
},
{
"name": "CVE-2022-49543",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49543"
},
{
"name": "CVE-2026-23202",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23202"
},
{
"name": "CVE-2025-38485",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38485"
},
{
"name": "CVE-2023-53562",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53562"
},
{
"name": "CVE-2025-68324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68324"
},
{
"name": "CVE-2025-22026",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22026"
},
{
"name": "CVE-2023-54149",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54149"
},
{
"name": "CVE-2025-71086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71086"
},
{
"name": "CVE-2024-50063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50063"
},
{
"name": "CVE-2023-33875",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33875"
},
{
"name": "CVE-2024-41001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41001"
},
{
"name": "CVE-2024-42155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42155"
},
{
"name": "CVE-2026-23167",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23167"
},
{
"name": "CVE-2025-36353",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36353"
},
{
"name": "CVE-2025-68196",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68196"
},
{
"name": "CVE-2024-46770",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46770"
},
{
"name": "CVE-2023-53247",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53247"
},
{
"name": "CVE-2025-38042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38042"
},
{
"name": "CVE-2025-22083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22083"
},
{
"name": "CVE-2023-53829",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53829"
},
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2025-59830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59830"
},
{
"name": "CVE-2023-54002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54002"
},
{
"name": "CVE-2022-50550",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50550"
},
{
"name": "CVE-2022-0400",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0400"
},
{
"name": "CVE-2022-49138",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49138"
},
{
"name": "CVE-2025-66199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
},
{
"name": "CVE-2024-42239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42239"
},
{
"name": "CVE-2022-49359",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49359"
},
{
"name": "CVE-2025-68342",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68342"
},
{
"name": "CVE-2022-48673",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48673"
},
{
"name": "CVE-2022-50425",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50425"
},
{
"name": "CVE-2025-38201",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38201"
},
{
"name": "CVE-2024-39293",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39293"
},
{
"name": "CVE-2023-53008",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53008"
},
{
"name": "CVE-2025-38669",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38669"
},
{
"name": "CVE-2025-40137",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40137"
},
{
"name": "CVE-2023-54052",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54052"
},
{
"name": "CVE-2025-22107",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22107"
},
{
"name": "CVE-2024-38306",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38306"
},
{
"name": "CVE-2023-53733",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53733"
},
{
"name": "CVE-2025-37775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37775"
},
{
"name": "CVE-2025-21682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21682"
},
{
"name": "CVE-2023-1386",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1386"
},
{
"name": "CVE-2024-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35939"
},
{
"name": "CVE-2024-39298",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39298"
},
{
"name": "CVE-2024-56703",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56703"
},
{
"name": "CVE-2026-23098",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23098"
},
{
"name": "CVE-2023-53347",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53347"
},
{
"name": "CVE-2023-28374",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28374"
},
{
"name": "CVE-2023-52926",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52926"
},
{
"name": "CVE-2026-32597",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32597"
},
{
"name": "CVE-2025-68286",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68286"
},
{
"name": "CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"name": "CVE-2024-36921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36921"
},
{
"name": "CVE-2025-40057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40057"
},
{
"name": "CVE-2024-41050",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41050"
},
{
"name": "CVE-2026-25500",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25500"
},
{
"name": "CVE-2024-26656",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26656"
},
{
"name": "CVE-2025-38520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38520"
},
{
"name": "CVE-2025-27558",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27558"
},
{
"name": "CVE-2025-71094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71094"
},
{
"name": "CVE-2026-21637",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21637"
},
{
"name": "CVE-2024-35998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35998"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2021-0076",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0076"
},
{
"name": "CVE-2025-68788",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68788"
},
{
"name": "CVE-2024-58237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58237"
},
{
"name": "CVE-2024-36909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36909"
},
{
"name": "CVE-2024-42147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42147"
},
{
"name": "CVE-2023-53529",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53529"
},
{
"name": "CVE-2024-50028",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50028"
},
{
"name": "CVE-2023-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53042"
},
{
"name": "CVE-2022-50527",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50527"
},
{
"name": "CVE-2023-54280",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54280"
},
{
"name": "CVE-2025-21786",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21786"
},
{
"name": "CVE-2024-58094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58094"
},
{
"name": "CVE-2024-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11187"
},
{
"name": "CVE-2025-52534",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52534"
},
{
"name": "CVE-2025-40314",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40314"
},
{
"name": "CVE-2024-46705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46705"
},
{
"name": "CVE-2022-50407",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50407"
},
{
"name": "CVE-2026-23196",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23196"
},
{
"name": "CVE-2024-26595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26595"
},
{
"name": "CVE-2022-23825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23825"
},
{
"name": "CVE-2024-45775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45775"
},
{
"name": "CVE-2025-40306",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40306"
},
{
"name": "CVE-2025-21881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21881"
},
{
"name": "CVE-2022-49901",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49901"
},
{
"name": "CVE-2026-23126",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23126"
},
{
"name": "CVE-2025-38329",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38329"
},
{
"name": "CVE-2021-33096",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33096"
},
{
"name": "CVE-2022-50230",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50230"
},
{
"name": "CVE-2024-35949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35949"
},
{
"name": "CVE-2025-39947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39947"
},
{
"name": "CVE-2025-68778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68778"
},
{
"name": "CVE-2023-53588",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53588"
},
{
"name": "CVE-2024-41082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41082"
},
{
"name": "CVE-2023-53685",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53685"
},
{
"name": "CVE-2025-5222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5222"
},
{
"name": "CVE-2025-23155",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23155"
},
{
"name": "CVE-2026-23054",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23054"
},
{
"name": "CVE-2025-37870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37870"
},
{
"name": "CVE-2025-40254",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40254"
},
{
"name": "CVE-2022-49533",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49533"
},
{
"name": "CVE-2024-42253",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42253"
},
{
"name": "CVE-2020-26557",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26557"
},
{
"name": "CVE-2025-71064",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71064"
},
{
"name": "CVE-2023-54201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54201"
},
{
"name": "CVE-2021-33114",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33114"
},
{
"name": "CVE-2025-69645",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69645"
},
{
"name": "CVE-2025-68200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68200"
},
{
"name": "CVE-2022-49518",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49518"
},
{
"name": "CVE-2024-56727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56727"
},
{
"name": "CVE-2022-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49125"
},
{
"name": "CVE-2024-36900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36900"
},
{
"name": "CVE-2025-38501",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38501"
},
{
"name": "CVE-2024-26866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26866"
},
{
"name": "CVE-2024-27010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27010"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2025-68736",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68736"
},
{
"name": "CVE-2023-52561",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52561"
},
{
"name": "CVE-2025-68725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68725"
},
{
"name": "CVE-2024-3220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3220"
},
{
"name": "CVE-2024-53221",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53221"
},
{
"name": "CVE-2024-41069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41069"
},
{
"name": "CVE-2025-68176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68176"
},
{
"name": "CVE-2025-37777",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37777"
},
{
"name": "CVE-2021-47432",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47432"
},
{
"name": "CVE-2026-24734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24734"
},
{
"name": "CVE-2025-68204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68204"
},
{
"name": "CVE-2024-35878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35878"
},
{
"name": "CVE-2023-53362",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53362"
},
{
"name": "CVE-2025-68795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68795"
},
{
"name": "CVE-2025-68349",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68349"
},
{
"name": "CVE-2024-26756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26756"
},
{
"name": "CVE-2022-50815",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50815"
},
{
"name": "CVE-2025-21931",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21931"
},
{
"name": "CVE-2025-39826",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39826"
},
{
"name": "CVE-2025-38036",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38036"
},
{
"name": "CVE-2025-2668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2668"
},
{
"name": "CVE-2025-71221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71221"
},
{
"name": "CVE-2025-37778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37778"
},
{
"name": "CVE-2025-39716",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39716"
},
{
"name": "CVE-2024-46860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46860"
},
{
"name": "CVE-2025-22040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22040"
},
{
"name": "CVE-2024-53095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53095"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-8277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8277"
},
{
"name": "CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"name": "CVE-2022-38457",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38457"
},
{
"name": "CVE-2024-56665",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56665"
},
{
"name": "CVE-2025-38340",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38340"
},
{
"name": "CVE-2025-38109",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38109"
},
{
"name": "CVE-2023-53629",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53629"
},
{
"name": "CVE-2022-50178",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50178"
},
{
"name": "CVE-2025-39779",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39779"
},
{
"name": "CVE-2025-66866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66866"
},
{
"name": "CVE-2025-68283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68283"
},
{
"name": "CVE-2023-7216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7216"
},
{
"name": "CVE-2025-66614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66614"
},
{
"name": "CVE-2025-37880",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37880"
},
{
"name": "CVE-2025-36427",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36427"
},
{
"name": "CVE-2026-23217",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23217"
},
{
"name": "CVE-2025-15469",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15469"
},
{
"name": "CVE-2025-37833",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37833"
},
{
"name": "CVE-2025-39761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39761"
},
{
"name": "CVE-2024-38608",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38608"
},
{
"name": "CVE-2025-68246",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68246"
},
{
"name": "CVE-2025-68339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68339"
},
{
"name": "CVE-2025-40287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40287"
},
{
"name": "CVE-2023-53320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53320"
},
{
"name": "CVE-2024-44961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44961"
},
{
"name": "CVE-2026-23069",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23069"
},
{
"name": "CVE-2025-21656",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21656"
},
{
"name": "CVE-2024-46835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46835"
},
{
"name": "CVE-2025-69650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69650"
},
{
"name": "CVE-2022-50554",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50554"
},
{
"name": "CVE-2023-53509",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53509"
},
{
"name": "CVE-2023-53421",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53421"
},
{
"name": "CVE-2025-11731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11731"
},
{
"name": "CVE-2026-22992",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22992"
},
{
"name": "CVE-2024-52005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52005"
},
{
"name": "CVE-2024-46775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46775"
},
{
"name": "CVE-2025-39764",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39764"
},
{
"name": "CVE-2025-38207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38207"
},
{
"name": "CVE-2022-49465",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49465"
},
{
"name": "CVE-2026-23004",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23004"
},
{
"name": "CVE-2024-26807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26807"
},
{
"name": "CVE-2025-39720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39720"
},
{
"name": "CVE-2023-54271",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54271"
},
{
"name": "CVE-2022-49742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49742"
},
{
"name": "CVE-2025-71191",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71191"
},
{
"name": "CVE-2025-68295",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68295"
},
{
"name": "CVE-2025-68728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68728"
},
{
"name": "CVE-2025-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40780"
},
{
"name": "CVE-2025-68364",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68364"
},
{
"name": "CVE-2024-42118",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42118"
},
{
"name": "CVE-2025-40100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40100"
},
{
"name": "CVE-2026-1965",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1965"
},
{
"name": "CVE-2024-52560",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52560"
},
{
"name": "CVE-2024-56604",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56604"
},
{
"name": "CVE-2026-23227",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23227"
},
{
"name": "CVE-2025-71087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71087"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2023-52653",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52653"
},
{
"name": "CVE-2025-40285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40285"
},
{
"name": "CVE-2023-52508",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52508"
},
{
"name": "CVE-2025-69647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69647"
},
{
"name": "CVE-2025-39827",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39827"
},
{
"name": "CVE-2024-50014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50014"
},
{
"name": "CVE-2022-49108",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49108"
},
{
"name": "CVE-2024-56677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56677"
},
{
"name": "CVE-2025-38717",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38717"
},
{
"name": "CVE-2026-3497",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3497"
},
{
"name": "CVE-2025-22019",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22019"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-40208",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40208"
},
{
"name": "CVE-2025-39746",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39746"
},
{
"name": "CVE-2024-26767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26767"
},
{
"name": "CVE-2025-21872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21872"
},
{
"name": "CVE-2026-2219",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2219"
},
{
"name": "CVE-2025-68287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68287"
},
{
"name": "CVE-2025-40039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40039"
},
{
"name": "CVE-2025-38208",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38208"
},
{
"name": "CVE-2024-35926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35926"
},
{
"name": "CVE-2024-27389",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27389"
},
{
"name": "CVE-2024-26983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26983"
},
{
"name": "CVE-2022-50627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50627"
},
{
"name": "CVE-2024-50285",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50285"
},
{
"name": "CVE-2025-38099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38099"
},
{
"name": "CVE-2025-38524",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38524"
},
{
"name": "CVE-2025-38029",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38029"
},
{
"name": "CVE-2022-49123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49123"
},
{
"name": "CVE-2024-50289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50289"
},
{
"name": "CVE-2023-53258",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53258"
},
{
"name": "CVE-2024-46813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46813"
},
{
"name": "CVE-2024-38594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38594"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2024-47658",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47658"
},
{
"name": "CVE-2022-41409",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41409"
},
{
"name": "CVE-2025-38096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38096"
},
{
"name": "CVE-2024-48873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48873"
},
{
"name": "CVE-2025-68746",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68746"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2023-53429",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53429"
},
{
"name": "CVE-2024-46765",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46765"
},
{
"name": "CVE-2022-50380",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50380"
},
{
"name": "CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"name": "CVE-2025-38039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38039"
},
{
"name": "CVE-2022-48990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48990"
},
{
"name": "CVE-2024-24864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24864"
},
{
"name": "CVE-2024-35832",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35832"
},
{
"name": "CVE-2024-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36479"
},
{
"name": "CVE-2025-71133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71133"
},
{
"name": "CVE-2026-23220",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23220"
},
{
"name": "CVE-2024-45782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45782"
},
{
"name": "CVE-2022-50785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50785"
},
{
"name": "CVE-2025-39745",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39745"
},
{
"name": "CVE-2024-35799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35799"
},
{
"name": "CVE-2025-40103",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40103"
},
{
"name": "CVE-2026-23020",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23020"
},
{
"name": "CVE-2025-38595",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38595"
},
{
"name": "CVE-2025-71223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71223"
},
{
"name": "CVE-2025-36098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36098"
},
{
"name": "CVE-2025-68796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68796"
},
{
"name": "CVE-2025-40016",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40016"
},
{
"name": "CVE-2023-53765",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53765"
},
{
"name": "CVE-2025-38626",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38626"
},
{
"name": "CVE-2025-40356",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40356"
},
{
"name": "CVE-2026-1642",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1642"
},
{
"name": "CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"name": "CVE-2023-53325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53325"
},
{
"name": "CVE-2025-21752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21752"
},
{
"name": "CVE-2026-27138",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27138"
},
{
"name": "CVE-2025-40312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40312"
},
{
"name": "CVE-2025-37852",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37852"
},
{
"name": "CVE-2025-68220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68220"
},
{
"name": "CVE-2025-22125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22125"
},
{
"name": "CVE-2019-6293",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6293"
},
{
"name": "CVE-2024-26953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26953"
},
{
"name": "CVE-2024-39282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39282"
},
{
"name": "CVE-2025-21738",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21738"
},
{
"name": "CVE-2023-50868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50868"
},
{
"name": "CVE-2025-68302",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68302"
},
{
"name": "CVE-2024-50146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50146"
},
{
"name": "CVE-2025-68238",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68238"
},
{
"name": "CVE-2024-56709",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56709"
},
{
"name": "CVE-2025-38063",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38063"
},
{
"name": "CVE-2025-68297",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68297"
},
{
"name": "CVE-2024-40975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40975"
},
{
"name": "CVE-2025-68175",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68175"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2023-54227",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54227"
},
{
"name": "CVE-2023-46316",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46316"
},
{
"name": "CVE-2024-47866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47866"
},
{
"name": "CVE-2024-44970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44970"
},
{
"name": "CVE-2022-49476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49476"
},
{
"name": "CVE-2023-53855",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53855"
},
{
"name": "CVE-2026-23208",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23208"
},
{
"name": "CVE-2025-68804",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68804"
},
{
"name": "CVE-2025-39925",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39925"
},
{
"name": "CVE-2025-68769",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68769"
},
{
"name": "CVE-2024-50286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50286"
},
{
"name": "CVE-2025-40139",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40139"
},
{
"name": "CVE-2025-68794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68794"
},
{
"name": "CVE-2025-21768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21768"
},
{
"name": "CVE-2022-48667",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48667"
},
{
"name": "CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"name": "CVE-2024-56744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56744"
},
{
"name": "CVE-2025-38491",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38491"
},
{
"name": "CVE-2026-3783",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3783"
},
{
"name": "CVE-2022-49161",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49161"
},
{
"name": "CVE-2021-21240",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21240"
},
{
"name": "CVE-2022-48771",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48771"
},
{
"name": "CVE-2025-37961",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37961"
},
{
"name": "CVE-2025-23131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23131"
},
{
"name": "CVE-2024-27400",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27400"
},
{
"name": "CVE-2023-52485",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52485"
},
{
"name": "CVE-2025-40309",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40309"
},
{
"name": "CVE-2022-49997",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49997"
},
{
"name": "CVE-2022-49469",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49469"
},
{
"name": "CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"name": "CVE-2025-38408",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38408"
},
{
"name": "CVE-2026-23179",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23179"
},
{
"name": "CVE-2025-68334",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68334"
},
{
"name": "CVE-2025-40343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40343"
},
{
"name": "CVE-2025-38644",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38644"
},
{
"name": "CVE-2025-38692",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38692"
},
{
"name": "CVE-2022-0480",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0480"
},
{
"name": "CVE-2025-68173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68173"
},
{
"name": "CVE-2024-49932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49932"
},
{
"name": "CVE-2026-23090",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23090"
},
{
"name": "CVE-2026-23035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23035"
},
{
"name": "CVE-2023-53209",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53209"
},
{
"name": "CVE-2023-54253",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54253"
},
{
"name": "CVE-2025-38127",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38127"
},
{
"name": "CVE-2025-22103",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22103"
},
{
"name": "CVE-2025-1272",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1272"
},
{
"name": "CVE-2025-21658",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21658"
},
{
"name": "CVE-2022-49651",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49651"
},
{
"name": "CVE-2025-68307",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68307"
},
{
"name": "CVE-2025-40308",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40308"
},
{
"name": "CVE-2024-26770",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26770"
},
{
"name": "CVE-2023-54324",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54324"
},
{
"name": "CVE-2024-27041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27041"
},
{
"name": "CVE-2025-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36184"
},
{
"name": "CVE-2026-3195",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3195"
},
{
"name": "CVE-2025-37743",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37743"
},
{
"name": "CVE-2025-40005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40005"
},
{
"name": "CVE-2025-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37920"
},
{
"name": "CVE-2024-56326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
},
{
"name": "CVE-2023-26242",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26242"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2025-40315",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40315"
},
{
"name": "CVE-2023-52673",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52673"
},
{
"name": "CVE-2024-56722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56722"
},
{
"name": "CVE-2021-33113",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33113"
},
{
"name": "CVE-2022-48668",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48668"
},
{
"name": "CVE-2024-27418",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27418"
},
{
"name": "CVE-2025-68231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68231"
},
{
"name": "CVE-2021-22930",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22930"
},
{
"name": "CVE-2025-14177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14177"
},
{
"name": "CVE-2026-23064",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23064"
},
{
"name": "CVE-2025-38591",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38591"
},
{
"name": "CVE-2025-68806",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68806"
},
{
"name": "CVE-2022-50322",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50322"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2022-27635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27635"
},
{
"name": "CVE-2025-71098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71098"
},
{
"name": "CVE-2024-49922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49922"
},
{
"name": "CVE-2020-12317",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12317"
},
{
"name": "CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"name": "CVE-2025-40251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40251"
},
{
"name": "CVE-2024-42128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42128"
},
{
"name": "CVE-2025-71078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71078"
},
{
"name": "CVE-2024-49909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49909"
},
{
"name": "CVE-2025-40355",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40355"
},
{
"name": "CVE-2021-42771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42771"
},
{
"name": "CVE-2026-2391",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2391"
},
{
"name": "CVE-2021-4095",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4095"
},
{
"name": "CVE-2022-50240",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50240"
},
{
"name": "CVE-2025-40054",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40054"
},
{
"name": "CVE-2024-45015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45015"
},
{
"name": "CVE-2025-68184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68184"
},
{
"name": "CVE-2024-36357",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36357"
},
{
"name": "CVE-2025-71074",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71074"
},
{
"name": "CVE-2025-38673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38673"
},
{
"name": "CVE-2025-40107",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40107"
},
{
"name": "CVE-2025-11234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11234"
},
{
"name": "CVE-2025-71083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71083"
},
{
"name": "CVE-2026-23061",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23061"
},
{
"name": "CVE-2023-53447",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53447"
},
{
"name": "CVE-2024-46754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46754"
},
{
"name": "CVE-2021-0161",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0161"
},
{
"name": "CVE-2018-1121",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1121"
},
{
"name": "CVE-2022-49547",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49547"
},
{
"name": "CVE-2025-66863",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66863"
},
{
"name": "CVE-2025-0622",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0622"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-26757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26757"
},
{
"name": "CVE-2024-49899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49899"
},
{
"name": "CVE-2022-49484",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49484"
},
{
"name": "CVE-2024-40900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40900"
},
{
"name": "CVE-2024-46748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46748"
},
{
"name": "CVE-2025-68813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68813"
},
{
"name": "CVE-2024-50164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50164"
},
{
"name": "CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"name": "CVE-2023-53248",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53248"
},
{
"name": "CVE-2024-56788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56788"
},
{
"name": "CVE-2016-8660",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8660"
},
{
"name": "CVE-2024-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26691"
},
{
"name": "CVE-2026-23047",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23047"
},
{
"name": "CVE-2025-22121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22121"
},
{
"name": "CVE-2024-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
},
{
"name": "CVE-2025-38215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38215"
},
{
"name": "CVE-2025-7519",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7519"
},
{
"name": "CVE-2023-53491",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53491"
},
{
"name": "CVE-2025-68365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68365"
},
{
"name": "CVE-2024-57804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57804"
},
{
"name": "CVE-2024-49908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49908"
},
{
"name": "CVE-2025-68265",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68265"
},
{
"name": "CVE-2024-50048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50048"
},
{
"name": "CVE-2026-28421",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28421"
},
{
"name": "CVE-2026-23119",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23119"
},
{
"name": "CVE-2025-37943",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37943"
},
{
"name": "CVE-2025-21918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21918"
},
{
"name": "CVE-2025-37745",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37745"
},
{
"name": "CVE-2025-71085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71085"
},
{
"name": "CVE-2026-27171",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27171"
},
{
"name": "CVE-2022-50811",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50811"
},
{
"name": "CVE-2025-13837",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13837"
},
{
"name": "CVE-2023-4133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4133"
},
{
"name": "CVE-2024-50183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50183"
},
{
"name": "CVE-2025-38734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38734"
},
{
"name": "CVE-2023-53366",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53366"
},
{
"name": "CVE-2022-49910",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49910"
},
{
"name": "CVE-2024-27062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27062"
},
{
"name": "CVE-2022-49203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49203"
},
{
"name": "CVE-2024-40918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40918"
},
{
"name": "CVE-2024-27032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27032"
},
{
"name": "CVE-2022-50236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50236"
},
{
"name": "CVE-2024-35932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35932"
},
{
"name": "CVE-2024-35839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35839"
},
{
"name": "CVE-2025-68344",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68344"
},
{
"name": "CVE-2026-23137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23137"
},
{
"name": "CVE-2025-40347",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40347"
},
{
"name": "CVE-2025-71154",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71154"
},
{
"name": "CVE-2025-37882",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37882"
},
{
"name": "CVE-2024-35971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35971"
},
{
"name": "CVE-2024-46762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46762"
},
{
"name": "CVE-2023-34983",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34983"
},
{
"name": "CVE-2024-35868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35868"
},
{
"name": "CVE-2023-53323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53323"
},
{
"name": "CVE-2026-3731",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3731"
},
{
"name": "CVE-2025-40198",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40198"
},
{
"name": "CVE-2024-0760",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0760"
},
{
"name": "CVE-2025-39942",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39942"
},
{
"name": "CVE-2025-68310",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68310"
},
{
"name": "CVE-2026-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23222"
},
{
"name": "CVE-2025-68229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68229"
},
{
"name": "CVE-2023-52857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52857"
},
{
"name": "CVE-2024-42107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42107"
},
{
"name": "CVE-2025-68257",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68257"
},
{
"name": "CVE-2025-39929",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39929"
},
{
"name": "CVE-2022-50304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50304"
},
{
"name": "CVE-2026-23226",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23226"
},
{
"name": "CVE-2020-26146",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26146"
},
{
"name": "CVE-2024-43844",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43844"
},
{
"name": "CVE-2023-52920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52920"
},
{
"name": "CVE-2023-52590",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52590"
},
{
"name": "CVE-2025-71084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71084"
},
{
"name": "CVE-2024-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
},
{
"name": "CVE-2026-23049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23049"
},
{
"name": "CVE-2025-68321",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68321"
},
{
"name": "CVE-2021-0072",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0072"
},
{
"name": "CVE-2025-40190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40190"
},
{
"name": "CVE-2025-69652",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69652"
},
{
"name": "CVE-2025-21635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21635"
},
{
"name": "CVE-2025-37924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37924"
},
{
"name": "CVE-2022-40133",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40133"
},
{
"name": "CVE-2020-26143",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26143"
},
{
"name": "CVE-2025-21712",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21712"
},
{
"name": "CVE-2025-38353",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38353"
},
{
"name": "CVE-2025-36009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36009"
},
{
"name": "CVE-2019-0154",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0154"
},
{
"name": "CVE-2024-57982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57982"
},
{
"name": "CVE-2023-52761",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52761"
},
{
"name": "CVE-2022-49773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49773"
},
{
"name": "CVE-2023-53609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53609"
},
{
"name": "CVE-2023-53478",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53478"
},
{
"name": "CVE-2024-42117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42117"
},
{
"name": "CVE-2025-23160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23160"
},
{
"name": "CVE-2023-53682",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53682"
},
{
"name": "CVE-2026-23229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23229"
},
{
"name": "CVE-2025-40311",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40311"
},
{
"name": "CVE-2025-54770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54770"
},
{
"name": "CVE-2026-3442",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3442"
},
{
"name": "CVE-2024-58238",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58238"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2025-68814",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68814"
},
{
"name": "CVE-2025-22039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22039"
},
{
"name": "CVE-2025-37842",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37842"
},
{
"name": "CVE-2025-39933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39933"
},
{
"name": "CVE-2025-40237",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40237"
},
{
"name": "CVE-2022-49722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49722"
},
{
"name": "CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"name": "CVE-2025-68780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68780"
},
{
"name": "CVE-2024-35945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35945"
},
{
"name": "CVE-2025-39990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39990"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2025-71081",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71081"
},
{
"name": "CVE-2023-53780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53780"
},
{
"name": "CVE-2020-35501",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35501"
},
{
"name": "CVE-2024-58251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58251"
},
{
"name": "CVE-2025-38710",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38710"
},
{
"name": "CVE-2025-9820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
},
{
"name": "CVE-2023-52624",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52624"
},
{
"name": "CVE-2024-56557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56557"
},
{
"name": "CVE-2022-49699",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49699"
},
{
"name": "CVE-2022-50700",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50700"
},
{
"name": "CVE-2023-52632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52632"
},
{
"name": "CVE-2024-46836",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46836"
},
{
"name": "CVE-2026-23101",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23101"
},
{
"name": "CVE-2026-23099",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23099"
},
{
"name": "CVE-2024-38556",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38556"
},
{
"name": "CVE-2025-1180",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1180"
},
{
"name": "CVE-2025-38060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38060"
},
{
"name": "CVE-2022-48929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48929"
},
{
"name": "CVE-2025-55130",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55130"
},
{
"name": "CVE-2025-36070",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36070"
},
{
"name": "CVE-2024-46820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46820"
},
{
"name": "CVE-2025-39770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39770"
},
{
"name": "CVE-2025-38105",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38105"
},
{
"name": "CVE-2025-37744",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37744"
},
{
"name": "CVE-2025-38705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38705"
},
{
"name": "CVE-2023-53198",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53198"
},
{
"name": "CVE-2023-53846",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53846"
},
{
"name": "CVE-2025-71121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71121"
},
{
"name": "CVE-2024-35942",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35942"
},
{
"name": "CVE-2022-1247",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1247"
},
{
"name": "CVE-2025-40333",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40333"
},
{
"name": "CVE-2022-50234",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50234"
},
{
"name": "CVE-2025-38082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38082"
},
{
"name": "CVE-2025-37884",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37884"
},
{
"name": "CVE-2024-58054",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58054"
},
{
"name": "CVE-2024-49934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49934"
},
{
"name": "CVE-2025-39750",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39750"
},
{
"name": "CVE-2025-38022",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38022"
},
{
"name": "CVE-2026-23066",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23066"
},
{
"name": "CVE-2025-38562",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38562"
},
{
"name": "CVE-2023-4969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4969"
},
{
"name": "CVE-2024-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50098"
},
{
"name": "CVE-2024-35946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35946"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-53789",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53789"
},
{
"name": "CVE-2022-49858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49858"
},
{
"name": "CVE-2025-39692",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39692"
},
{
"name": "CVE-2024-35959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35959"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2025-36428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36428"
},
{
"name": "CVE-2023-53520",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53520"
},
{
"name": "CVE-2026-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23085"
},
{
"name": "CVE-2023-52737",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52737"
},
{
"name": "CVE-2025-40360",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40360"
},
{
"name": "CVE-2026-23209",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23209"
},
{
"name": "CVE-2025-71136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71136"
},
{
"name": "CVE-2024-35803",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35803"
},
{
"name": "CVE-2025-22105",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22105"
},
{
"name": "CVE-2024-8612",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8612"
},
{
"name": "CVE-2023-52586",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52586"
},
{
"name": "CVE-2025-40332",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40332"
},
{
"name": "CVE-2021-46195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46195"
},
{
"name": "CVE-2025-68354",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68354"
},
{
"name": "CVE-2025-68801",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68801"
},
{
"name": "CVE-2021-33110",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33110"
},
{
"name": "CVE-2025-37834",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37834"
},
{
"name": "CVE-2025-21833",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21833"
},
{
"name": "CVE-2025-40082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40082"
},
{
"name": "CVE-2019-19378",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19378"
},
{
"name": "CVE-2026-23150",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23150"
},
{
"name": "CVE-2024-40972",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40972"
},
{
"name": "CVE-2025-61985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61985"
},
{
"name": "CVE-2025-71073",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71073"
},
{
"name": "CVE-2025-38426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38426"
},
{
"name": "CVE-2025-38436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38436"
},
{
"name": "CVE-2024-36911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36911"
},
{
"name": "CVE-2025-55131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55131"
},
{
"name": "CVE-2025-40104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40104"
},
{
"name": "CVE-2024-36917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36917"
},
{
"name": "CVE-2025-38097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38097"
},
{
"name": "CVE-2026-23236",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23236"
},
{
"name": "CVE-2023-53068",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53068"
},
{
"name": "CVE-2025-22090",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22090"
},
{
"name": "CVE-2025-61919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61919"
},
{
"name": "CVE-2021-31615",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31615"
},
{
"name": "CVE-2024-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
},
{
"name": "CVE-2025-40097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40097"
},
{
"name": "CVE-2022-49932",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49932"
},
{
"name": "CVE-2022-25837",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25837"
},
{
"name": "CVE-2025-68258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68258"
},
{
"name": "CVE-2024-49939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49939"
},
{
"name": "CVE-2025-38239",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38239"
},
{
"name": "CVE-2024-49905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49905"
},
{
"name": "CVE-2023-52831",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52831"
},
{
"name": "CVE-2023-53221",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53221"
},
{
"name": "CVE-2024-26719",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26719"
},
{
"name": "CVE-2022-44034",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44034"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2023-53072",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53072"
},
{
"name": "CVE-2023-2007",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2007"
},
{
"name": "CVE-2022-37341",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37341"
},
{
"name": "CVE-2025-69648",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69648"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2024-50298",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50298"
},
{
"name": "CVE-2025-36424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36424"
},
{
"name": "CVE-2025-21915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21915"
},
{
"name": "CVE-2025-38590",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38590"
},
{
"name": "CVE-2024-46843",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46843"
},
{
"name": "CVE-2025-21792",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21792"
},
{
"name": "CVE-2023-54016",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54016"
},
{
"name": "CVE-2025-36387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36387"
},
{
"name": "CVE-2025-38709",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38709"
},
{
"name": "CVE-2024-58018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58018"
},
{
"name": "CVE-2023-4408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4408"
},
{
"name": "CVE-2025-71235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71235"
},
{
"name": "CVE-2025-61771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61771"
},
{
"name": "CVE-2023-53602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53602"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2023-54035",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54035"
},
{
"name": "CVE-2025-40322",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40322"
},
{
"name": "CVE-2023-53867",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53867"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2025-61770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61770"
},
{
"name": "CVE-2025-37926",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37926"
},
{
"name": "CVE-2024-46715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46715"
},
{
"name": "CVE-2025-38038",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38038"
},
{
"name": "CVE-2024-46802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46802"
},
{
"name": "CVE-2025-39859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39859"
},
{
"name": "CVE-2025-40313",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40313"
},
{
"name": "CVE-2023-52582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52582"
},
{
"name": "CVE-2023-33053",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33053"
},
{
"name": "CVE-2025-1152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1152"
},
{
"name": "CVE-2026-24051",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24051"
},
{
"name": "CVE-2025-38015",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38015"
},
{
"name": "CVE-2024-26742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26742"
},
{
"name": "CVE-2025-38449",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38449"
},
{
"name": "CVE-2025-21714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21714"
},
{
"name": "CVE-2025-38261",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38261"
},
{
"name": "CVE-2024-36918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36918"
},
{
"name": "CVE-2025-37853",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37853"
},
{
"name": "CVE-2025-69644",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69644"
},
{
"name": "CVE-2022-49303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49303"
},
{
"name": "CVE-2025-38126",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38126"
},
{
"name": "CVE-2023-46809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46809"
},
{
"name": "CVE-2025-59465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59465"
},
{
"name": "CVE-2025-39763",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39763"
},
{
"name": "CVE-2025-21972",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21972"
},
{
"name": "CVE-2023-54088",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54088"
},
{
"name": "CVE-2024-42320",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42320"
},
{
"name": "CVE-2025-38679",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38679"
},
{
"name": "CVE-2025-40271",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40271"
},
{
"name": "CVE-2024-53234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53234"
},
{
"name": "CVE-2025-11961",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11961"
},
{
"name": "CVE-2025-39877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39877"
},
{
"name": "CVE-2022-3114",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3114"
},
{
"name": "CVE-2023-52916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52916"
},
{
"name": "CVE-2025-38064",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38064"
},
{
"name": "CVE-2026-22991",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22991"
},
{
"name": "CVE-2024-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35937"
},
{
"name": "CVE-2022-50628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50628"
},
{
"name": "CVE-2024-56718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56718"
},
{
"name": "CVE-2024-43824",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43824"
},
{
"name": "CVE-2025-39886",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39886"
},
{
"name": "CVE-2022-50350",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50350"
},
{
"name": "CVE-2025-21831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21831"
},
{
"name": "CVE-2022-50721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50721"
},
{
"name": "CVE-2022-50095",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50095"
},
{
"name": "CVE-2025-40073",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40073"
},
{
"name": "CVE-2024-26662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26662"
},
{
"name": "CVE-2026-3196",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3196"
},
{
"name": "CVE-2025-61662",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61662"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2025-68308",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68308"
},
{
"name": "CVE-2024-50217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50217"
},
{
"name": "CVE-2021-0168",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0168"
},
{
"name": "CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"name": "CVE-2022-50479",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50479"
},
{
"name": "CVE-2022-50583",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50583"
},
{
"name": "CVE-2025-37806",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37806"
},
{
"name": "CVE-2024-38554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38554"
},
{
"name": "CVE-2025-68822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68822"
},
{
"name": "CVE-2025-40242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40242"
},
{
"name": "CVE-2023-0030",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0030"
},
{
"name": "CVE-2024-42110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42110"
},
{
"name": "CVE-2025-37822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37822"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2025-39838",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39838"
},
{
"name": "CVE-2025-37820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37820"
},
{
"name": "CVE-2024-53179",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53179"
},
{
"name": "CVE-2024-57945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57945"
},
{
"name": "CVE-2023-54233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54233"
},
{
"name": "CVE-2024-43899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43899"
},
{
"name": "CVE-2025-21986",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21986"
},
{
"name": "CVE-2019-15213",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15213"
},
{
"name": "CVE-2025-38234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38234"
},
{
"name": "CVE-2022-49935",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49935"
},
{
"name": "CVE-2021-44532",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44532"
},
{
"name": "CVE-2025-38011",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38011"
},
{
"name": "CVE-2022-49534",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49534"
},
{
"name": "CVE-2024-57974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57974"
},
{
"name": "CVE-2024-50012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50012"
},
{
"name": "CVE-2025-68190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68190"
},
{
"name": "CVE-2023-53010",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53010"
},
{
"name": "CVE-2024-35956",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35956"
},
{
"name": "CVE-2024-57888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57888"
},
{
"name": "CVE-2025-65637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65637"
},
{
"name": "CVE-2024-35908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35908"
},
{
"name": "CVE-2023-54237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54237"
},
{
"name": "CVE-2025-37878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37878"
},
{
"name": "CVE-2023-53424",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53424"
},
{
"name": "CVE-2026-23207",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23207"
},
{
"name": "CVE-2025-40252",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40252"
},
{
"name": "CVE-2022-49134",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49134"
},
{
"name": "CVE-2025-21946",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21946"
},
{
"name": "CVE-2025-21838",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21838"
},
{
"name": "CVE-2022-49333",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49333"
},
{
"name": "CVE-2023-53791",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53791"
},
{
"name": "CVE-2025-27111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27111"
},
{
"name": "CVE-2024-49994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49994"
},
{
"name": "CVE-2025-53859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53859"
},
{
"name": "CVE-2019-19814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19814"
},
{
"name": "CVE-2022-49136",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49136"
},
{
"name": "CVE-2025-68255",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68255"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2023-54081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54081"
},
{
"name": "CVE-2024-36898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36898"
},
{
"name": "CVE-2024-44962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44962"
},
{
"name": "CVE-2025-68322",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68322"
},
{
"name": "CVE-2024-35931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35931"
},
{
"name": "CVE-2025-38702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38702"
},
{
"name": "CVE-2026-22980",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22980"
},
{
"name": "CVE-2026-23138",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23138"
},
{
"name": "CVE-2025-39927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39927"
},
{
"name": "CVE-2026-1703",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1703"
},
{
"name": "CVE-2023-26551",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26551"
},
{
"name": "CVE-2024-46857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46857"
},
{
"name": "CVE-2024-58013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58013"
},
{
"name": "CVE-2024-53210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53210"
},
{
"name": "CVE-2023-54185",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54185"
},
{
"name": "CVE-2022-49342",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49342"
},
{
"name": "CVE-2015-8553",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8553"
},
{
"name": "CVE-2025-40277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40277"
},
{
"name": "CVE-2025-38250",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38250"
},
{
"name": "CVE-2024-36966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36966"
},
{
"name": "CVE-2023-53332",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53332"
},
{
"name": "CVE-2024-35924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35924"
},
{
"name": "CVE-2024-58095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58095"
},
{
"name": "CVE-2024-45010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45010"
},
{
"name": "CVE-2022-49471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49471"
},
{
"name": "CVE-2025-68174",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68174"
},
{
"name": "CVE-2022-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48976"
},
{
"name": "CVE-2025-21751",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21751"
},
{
"name": "CVE-2023-53753",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53753"
},
{
"name": "CVE-2024-41074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41074"
},
{
"name": "CVE-2026-23234",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23234"
},
{
"name": "CVE-2025-40272",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40272"
},
{
"name": "CVE-2024-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50106"
},
{
"name": "CVE-2025-23162",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23162"
},
{
"name": "CVE-2026-23133",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23133"
},
{
"name": "CVE-2025-71093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71093"
},
{
"name": "CVE-2025-46727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46727"
},
{
"name": "CVE-2017-13694",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13694"
},
{
"name": "CVE-2025-71102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71102"
},
{
"name": "CVE-2026-23212",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23212"
},
{
"name": "CVE-2013-7445",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7445"
},
{
"name": "CVE-2026-23170",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23170"
},
{
"name": "CVE-2023-52701",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52701"
},
{
"name": "CVE-2024-49906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49906"
},
{
"name": "CVE-2024-26647",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26647"
},
{
"name": "CVE-2025-68759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68759"
},
{
"name": "CVE-2024-47809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47809"
},
{
"name": "CVE-2026-23204",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23204"
},
{
"name": "CVE-2022-49317",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49317"
},
{
"name": "CVE-2026-23019",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23019"
},
{
"name": "CVE-2018-12928",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12928"
},
{
"name": "CVE-2025-71188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71188"
},
{
"name": "CVE-2023-38552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38552"
},
{
"name": "CVE-2024-40989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40989"
},
{
"name": "CVE-2024-56607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56607"
},
{
"name": "CVE-2025-40345",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40345"
},
{
"name": "CVE-2026-27142",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
},
{
"name": "CVE-2024-49904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49904"
},
{
"name": "CVE-2023-53671",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53671"
},
{
"name": "CVE-2025-40354",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40354"
},
{
"name": "CVE-2024-26938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26938"
},
{
"name": "CVE-2026-28417",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28417"
},
{
"name": "CVE-2025-37931",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37931"
},
{
"name": "CVE-2024-35999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35999"
},
{
"name": "CVE-2023-29942",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29942"
},
{
"name": "CVE-2026-23125",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23125"
},
{
"name": "CVE-2026-0966",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0966"
},
{
"name": "CVE-2022-48633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48633"
},
{
"name": "CVE-2022-3238",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3238"
},
{
"name": "CVE-2024-38557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38557"
},
{
"name": "CVE-2026-22185",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22185"
},
{
"name": "CVE-2023-53781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53781"
},
{
"name": "CVE-2023-53584",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53584"
},
{
"name": "CVE-2024-57809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57809"
},
{
"name": "CVE-2025-38057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38057"
},
{
"name": "CVE-2025-68733",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68733"
},
{
"name": "CVE-2024-56719",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56719"
},
{
"name": "CVE-2022-50418",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50418"
},
{
"name": "CVE-2023-53438",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53438"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2023-53460",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53460"
},
{
"name": "CVE-2026-23214",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23214"
},
{
"name": "CVE-2024-52559",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52559"
},
{
"name": "CVE-2025-68188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68188"
},
{
"name": "CVE-2025-40269",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40269"
},
{
"name": "CVE-2024-56671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56671"
},
{
"name": "CVE-2025-68335",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68335"
},
{
"name": "CVE-2025-71079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71079"
},
{
"name": "CVE-2025-62626",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62626"
},
{
"name": "CVE-2025-39940",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39940"
},
{
"name": "CVE-2023-52751",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52751"
},
{
"name": "CVE-2022-49562",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49562"
},
{
"name": "CVE-2025-37861",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37861"
},
{
"name": "CVE-2023-53483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53483"
},
{
"name": "CVE-2023-53673",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53673"
},
{
"name": "CVE-2025-37938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37938"
},
{
"name": "CVE-2025-37746",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37746"
},
{
"name": "CVE-2022-38076",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38076"
},
{
"name": "CVE-2025-38368",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38368"
},
{
"name": "CVE-2026-23178",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23178"
},
{
"name": "CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2026-22997",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22997"
},
{
"name": "CVE-2024-56368",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56368"
},
{
"name": "CVE-2025-40075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40075"
},
{
"name": "CVE-2022-49172",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49172"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2024-40979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40979"
},
{
"name": "CVE-2025-39977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39977"
},
{
"name": "CVE-2025-38331",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38331"
},
{
"name": "CVE-2026-23240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23240"
},
{
"name": "CVE-2025-68330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68330"
},
{
"name": "CVE-2026-23228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23228"
},
{
"name": "CVE-2024-49945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49945"
},
{
"name": "CVE-2022-44033",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44033"
},
{
"name": "CVE-2024-56757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56757"
},
{
"name": "CVE-2023-53662",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53662"
},
{
"name": "CVE-2025-38069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38069"
},
{
"name": "CVE-2022-49750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49750"
},
{
"name": "CVE-2023-53707",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53707"
},
{
"name": "CVE-2023-53115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53115"
},
{
"name": "CVE-2025-71196",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71196"
},
{
"name": "CVE-2025-21645",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21645"
},
{
"name": "CVE-2023-54107",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54107"
},
{
"name": "CVE-2022-48646",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48646"
},
{
"name": "CVE-2024-43912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43912"
},
{
"name": "CVE-2024-35808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35808"
},
{
"name": "CVE-2024-58012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58012"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-61663",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61663"
},
{
"name": "CVE-2025-68772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68772"
},
{
"name": "CVE-2024-49891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49891"
},
{
"name": "CVE-2024-36948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36948"
},
{
"name": "CVE-2022-48887",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48887"
},
{
"name": "CVE-2024-40977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40977"
},
{
"name": "CVE-2024-26948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26948"
},
{
"name": "CVE-2023-53370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53370"
},
{
"name": "CVE-2024-53187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53187"
},
{
"name": "CVE-2023-45929",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45929"
},
{
"name": "CVE-2025-68343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68343"
},
{
"name": "CVE-2025-66382",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66382"
},
{
"name": "CVE-2024-57795",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57795"
},
{
"name": "CVE-2025-37855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37855"
},
{
"name": "CVE-2025-21816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21816"
},
{
"name": "CVE-2021-33115",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33115"
},
{
"name": "CVE-2025-21780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21780"
},
{
"name": "CVE-2020-26559",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26559"
},
{
"name": "CVE-2024-12705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12705"
},
{
"name": "CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"name": "CVE-2020-26140",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26140"
},
{
"name": "CVE-2024-39508",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39508"
},
{
"name": "CVE-2026-23191",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23191"
},
{
"name": "CVE-2026-32249",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32249"
},
{
"name": "CVE-2025-37899",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37899"
},
{
"name": "CVE-2026-23078",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23078"
},
{
"name": "CVE-2025-40362",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40362"
},
{
"name": "CVE-2025-68201",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68201"
},
{
"name": "CVE-2024-43831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43831"
},
{
"name": "CVE-2023-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30630"
},
{
"name": "CVE-2025-40289",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40289"
},
{
"name": "CVE-2026-23169",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23169"
},
{
"name": "CVE-2025-38330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38330"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2017-13693",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13693"
},
{
"name": "CVE-2025-68768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68768"
},
{
"name": "CVE-2024-50284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50284"
},
{
"name": "CVE-2022-49306",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49306"
},
{
"name": "CVE-2024-49898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49898"
},
{
"name": "CVE-2025-36423",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36423"
},
{
"name": "CVE-2022-49622",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49622"
},
{
"name": "CVE-2025-68785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68785"
},
{
"name": "CVE-2024-50211",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50211"
},
{
"name": "CVE-2025-38507",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38507"
},
{
"name": "CVE-2022-50284",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50284"
},
{
"name": "CVE-2025-39989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39989"
},
{
"name": "CVE-2023-6240",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6240"
},
{
"name": "CVE-2025-38014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38014"
},
{
"name": "CVE-2025-22028",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22028"
},
{
"name": "CVE-2024-41008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41008"
},
{
"name": "CVE-2024-27035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27035"
},
{
"name": "CVE-2023-53218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53218"
},
{
"name": "CVE-2022-25836",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25836"
},
{
"name": "CVE-2024-37354",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37354"
},
{
"name": "CVE-2025-68808",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68808"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2025-29934",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29934"
},
{
"name": "CVE-2024-27005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27005"
},
{
"name": "CVE-2025-68223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68223"
},
{
"name": "CVE-2022-49133",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49133"
},
{
"name": "CVE-2024-36951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36951"
},
{
"name": "CVE-2025-68783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68783"
},
{
"name": "CVE-2025-71147",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71147"
},
{
"name": "CVE-2025-38438",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38438"
},
{
"name": "CVE-2025-40032",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40032"
},
{
"name": "CVE-2023-26555",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26555"
},
{
"name": "CVE-2023-1193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1193"
},
{
"name": "CVE-2025-71220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71220"
},
{
"name": "CVE-2024-46806",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46806"
},
{
"name": "CVE-2022-50073",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50073"
},
{
"name": "CVE-2025-68724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68724"
},
{
"name": "CVE-2025-5278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5278"
},
{
"name": "CVE-2026-23103",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23103"
},
{
"name": "CVE-2026-23074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23074"
},
{
"name": "CVE-2025-68786",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68786"
},
{
"name": "CVE-2025-39732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39732"
},
{
"name": "CVE-2022-50393",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50393"
},
{
"name": "CVE-2025-68779",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68779"
},
{
"name": "CVE-2024-56433",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56433"
},
{
"name": "CVE-2025-21819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21819"
},
{
"name": "CVE-2025-48514",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48514"
},
{
"name": "CVE-2024-41030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41030"
},
{
"name": "CVE-2025-71199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71199"
},
{
"name": "CVE-2024-47664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47664"
},
{
"name": "CVE-2024-36915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36915"
},
{
"name": "CVE-2026-25749",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25749"
},
{
"name": "CVE-2024-49504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49504"
},
{
"name": "CVE-2025-38118",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38118"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2023-53367",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53367"
},
{
"name": "CVE-2022-50500",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50500"
},
{
"name": "CVE-2019-14899",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14899"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2024-53098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53098"
},
{
"name": "CVE-2025-68797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68797"
},
{
"name": "CVE-2024-49968",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49968"
},
{
"name": "CVE-2025-68358",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68358"
},
{
"name": "CVE-2025-40206",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40206"
},
{
"name": "CVE-2026-23180",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23180"
},
{
"name": "CVE-2021-0164",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0164"
},
{
"name": "CVE-2026-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26958"
},
{
"name": "CVE-2024-46870",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46870"
},
{
"name": "CVE-2022-49178",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49178"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"name": "CVE-2024-49929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49929"
},
{
"name": "CVE-2025-40257",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40257"
},
{
"name": "CVE-2023-53748",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53748"
},
{
"name": "CVE-2024-26740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26740"
},
{
"name": "CVE-2022-49173",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49173"
},
{
"name": "CVE-2024-45781",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45781"
},
{
"name": "CVE-2025-71125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71125"
},
{
"name": "CVE-2025-21947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21947"
},
{
"name": "CVE-2024-53056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53056"
},
{
"name": "CVE-2022-50551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50551"
},
{
"name": "CVE-2026-26269",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26269"
},
{
"name": "CVE-2024-43872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43872"
},
{
"name": "CVE-2025-71108",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71108"
},
{
"name": "CVE-2022-49401",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49401"
},
{
"name": "CVE-2025-71069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71069"
},
{
"name": "CVE-2025-68312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68312"
},
{
"name": "CVE-2025-68284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68284"
},
{
"name": "CVE-2025-68194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68194"
},
{
"name": "CVE-2023-52939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52939"
},
{
"name": "CVE-2024-14027",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-14027"
},
{
"name": "CVE-2025-38269",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38269"
},
{
"name": "CVE-2025-69649",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69649"
},
{
"name": "CVE-2024-53175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53175"
},
{
"name": "CVE-2025-21734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21734"
},
{
"name": "CVE-2024-49859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49859"
},
{
"name": "CVE-2025-40336",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40336"
},
{
"name": "CVE-2025-37945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37945"
},
{
"name": "CVE-2025-71195",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71195"
},
{
"name": "CVE-2022-49766",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49766"
},
{
"name": "CVE-2025-6141",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6141"
},
{
"name": "CVE-2025-22043",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22043"
},
{
"name": "CVE-2024-49569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49569"
},
{
"name": "CVE-2025-61984",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61984"
},
{
"name": "CVE-2023-52569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52569"
},
{
"name": "CVE-2024-56609",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56609"
},
{
"name": "CVE-2022-49940",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49940"
},
{
"name": "CVE-2026-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23083"
},
{
"name": "CVE-2025-38422",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38422"
},
{
"name": "CVE-2024-56611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56611"
},
{
"name": "CVE-2025-21927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21927"
},
{
"name": "CVE-2026-23088",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23088"
},
{
"name": "CVE-2020-25743",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25743"
},
{
"name": "CVE-2022-50167",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50167"
},
{
"name": "CVE-2025-68183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68183"
},
{
"name": "CVE-2026-27704",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27704"
},
{
"name": "CVE-2022-48064",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48064"
},
{
"name": "CVE-2023-45896",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45896"
},
{
"name": "CVE-2025-37903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37903"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2025-68774",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68774"
},
{
"name": "CVE-2024-49940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49940"
},
{
"name": "CVE-2025-40263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40263"
},
{
"name": "CVE-2021-3735",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3735"
},
{
"name": "CVE-2025-40353",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40353"
},
{
"name": "CVE-2024-46861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46861"
},
{
"name": "CVE-2025-40222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40222"
},
{
"name": "CVE-2022-50634",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50634"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2025-54514",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54514"
},
{
"name": "CVE-2025-71202",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71202"
},
{
"name": "CVE-2015-7837",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7837"
},
{
"name": "CVE-2025-0677",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0677"
},
{
"name": "CVE-2024-45780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45780"
},
{
"name": "CVE-2024-46749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46749"
},
{
"name": "CVE-2022-50492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50492"
},
{
"name": "CVE-2024-49888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49888"
},
{
"name": "CVE-2022-50406",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50406"
},
{
"name": "CVE-2023-26552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26552"
},
{
"name": "CVE-2024-49921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49921"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2026-23108",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23108"
},
{
"name": "CVE-2025-71180",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71180"
},
{
"name": "CVE-2025-38232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38232"
},
{
"name": "CVE-2025-68244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68244"
},
{
"name": "CVE-2025-59691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59691"
},
{
"name": "CVE-2024-46830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46830"
},
{
"name": "CVE-2023-52481",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52481"
},
{
"name": "CVE-2023-52888",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52888"
},
{
"name": "CVE-2025-22057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22057"
},
{
"name": "CVE-2024-47666",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47666"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2025-40278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40278"
},
{
"name": "CVE-2023-0160",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0160"
},
{
"name": "CVE-2024-50056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50056"
},
{
"name": "CVE-2025-71194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71194"
},
{
"name": "CVE-2026-1788",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1788"
},
{
"name": "CVE-2023-53721",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53721"
},
{
"name": "CVE-2025-22113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22113"
},
{
"name": "CVE-2025-40342",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40342"
},
{
"name": "CVE-2022-50256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50256"
},
{
"name": "CVE-2024-42091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42091"
},
{
"name": "CVE-2024-27983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
},
{
"name": "CVE-2025-37907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37907"
},
{
"name": "CVE-2024-38625",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38625"
},
{
"name": "CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"name": "CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"name": "CVE-2023-4010",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4010"
},
{
"name": "CVE-2025-38425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38425"
},
{
"name": "CVE-2024-46727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46727"
},
{
"name": "CVE-2023-54028",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54028"
},
{
"name": "CVE-2024-42129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42129"
},
{
"name": "CVE-2023-54105",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54105"
},
{
"name": "CVE-2018-17977",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17977"
},
{
"name": "CVE-2019-1010204",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010204"
},
{
"name": "CVE-2023-53992",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53992"
},
{
"name": "CVE-2026-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26960"
},
{
"name": "CVE-2025-40210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40210"
},
{
"name": "CVE-2022-50354",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50354"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2026-22999",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22999"
},
{
"name": "CVE-2025-21812",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21812"
},
{
"name": "CVE-2025-71082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71082"
},
{
"name": "CVE-2025-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12801"
},
{
"name": "CVE-2024-58015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58015"
},
{
"name": "CVE-2026-23068",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23068"
},
{
"name": "CVE-2024-41079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41079"
},
{
"name": "CVE-2025-68765",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68765"
},
{
"name": "CVE-2026-23089",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23089"
},
{
"name": "CVE-2024-43823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43823"
},
{
"name": "CVE-2023-52589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52589"
},
{
"name": "CVE-2022-41848",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41848"
},
{
"name": "CVE-2026-23216",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23216"
},
{
"name": "CVE-2023-53434",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53434"
},
{
"name": "CVE-2023-29935",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29935"
},
{
"name": "CVE-2023-35061",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35061"
},
{
"name": "CVE-2025-71132",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71132"
},
{
"name": "CVE-2025-71225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71225"
},
{
"name": "CVE-2026-21636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21636"
},
{
"name": "CVE-2026-23239",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23239"
},
{
"name": "CVE-2021-0172",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0172"
},
{
"name": "CVE-2024-47662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47662"
},
{
"name": "CVE-2018-12930",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12930"
},
{
"name": "CVE-2026-23071",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23071"
},
{
"name": "CVE-2024-49970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49970"
},
{
"name": "CVE-2024-41067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41067"
},
{
"name": "CVE-2024-26844",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26844"
},
{
"name": "CVE-2025-23141",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23141"
},
{
"name": "CVE-2026-23056",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23056"
},
{
"name": "CVE-2025-40193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40193"
},
{
"name": "CVE-2023-32644",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32644"
},
{
"name": "CVE-2025-71077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71077"
},
{
"name": "CVE-2025-21908",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21908"
},
{
"name": "CVE-2024-46681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46681"
},
{
"name": "CVE-2024-36927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36927"
},
{
"name": "CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2025-40012",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40012"
},
{
"name": "CVE-2025-40279",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40279"
},
{
"name": "CVE-2026-0964",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0964"
},
{
"name": "CVE-2025-68328",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68328"
},
{
"name": "CVE-2023-53178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53178"
},
{
"name": "CVE-2024-47141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47141"
},
{
"name": "CVE-2024-8354",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8354"
},
{
"name": "CVE-2023-54323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54323"
},
{
"name": "CVE-2025-37952",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37952"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2025-0689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0689"
},
{
"name": "CVE-2022-50316",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50316"
},
{
"name": "CVE-2023-31347",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31347"
},
{
"name": "CVE-2025-40084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40084"
},
{
"name": "CVE-2025-22111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22111"
},
{
"name": "CVE-2023-53657",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53657"
},
{
"name": "CVE-2024-49915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49915"
},
{
"name": "CVE-2026-23063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23063"
},
{
"name": "CVE-2025-55132",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55132"
},
{
"name": "CVE-2023-52732",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52732"
},
{
"name": "CVE-2022-49759",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49759"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2026-23073",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23073"
},
{
"name": "CVE-2022-49167",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49167"
},
{
"name": "CVE-2025-68311",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68311"
},
{
"name": "CVE-2026-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
},
{
"name": "CVE-2023-54023",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54023"
},
{
"name": "CVE-2024-27056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27056"
},
{
"name": "CVE-2023-31082",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31082"
},
{
"name": "CVE-2024-41088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41088"
},
{
"name": "CVE-2025-0690",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0690"
},
{
"name": "CVE-2025-71114",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71114"
},
{
"name": "CVE-2023-53052",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53052"
},
{
"name": "CVE-2026-23058",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23058"
},
{
"name": "CVE-2022-49234",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49234"
},
{
"name": "CVE-2022-50163",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50163"
},
{
"name": "CVE-2024-36922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36922"
},
{
"name": "CVE-2025-71067",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71067"
},
{
"name": "CVE-2024-49919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49919"
},
{
"name": "CVE-2026-23238",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23238"
},
{
"name": "CVE-2025-71182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71182"
},
{
"name": "CVE-2020-26556",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26556"
},
{
"name": "CVE-2025-46394",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46394"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2026-23038",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23038"
},
{
"name": "CVE-2025-40341",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40341"
},
{
"name": "CVE-2025-38409",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38409"
},
{
"name": "CVE-2021-3826",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3826"
},
{
"name": "CVE-2024-26699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26699"
},
{
"name": "CVE-2024-57876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57876"
},
{
"name": "CVE-2024-58019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58019"
},
{
"name": "CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"name": "CVE-2026-22990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22990"
},
{
"name": "CVE-2025-14017",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14017"
},
{
"name": "CVE-2022-50390",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50390"
},
{
"name": "CVE-2026-23000",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23000"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-71186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71186"
},
{
"name": "CVE-2024-53220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53220"
},
{
"name": "CVE-2026-23176",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23176"
},
{
"name": "CVE-2023-53539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53539"
},
{
"name": "CVE-2025-13836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
},
{
"name": "CVE-2025-40338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40338"
},
{
"name": "CVE-2025-68821",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68821"
},
{
"name": "CVE-2025-31648",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31648"
},
{
"name": "CVE-2025-0678",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0678"
},
{
"name": "CVE-2024-41075",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41075"
},
{
"name": "CVE-2026-23026",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23026"
},
{
"name": "CVE-2024-56674",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56674"
},
{
"name": "CVE-2024-27982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
},
{
"name": "CVE-2025-40195",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40195"
},
{
"name": "CVE-2024-31884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31884"
},
{
"name": "CVE-2025-21976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21976"
},
{
"name": "CVE-2019-1563",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1563"
},
{
"name": "CVE-2026-1002",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1002"
},
{
"name": "CVE-2026-23128",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23128"
},
{
"name": "CVE-2024-57975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57975"
},
{
"name": "CVE-2023-53574",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53574"
},
{
"name": "CVE-2022-50166",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50166"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2025-68325",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68325"
},
{
"name": "CVE-2025-71190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71190"
},
{
"name": "CVE-2024-56738",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56738"
},
{
"name": "CVE-2022-50778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50778"
},
{
"name": "CVE-2024-42067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42067"
},
{
"name": "CVE-2022-49971",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49971"
},
{
"name": "CVE-2025-71089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71089"
},
{
"name": "CVE-2025-21693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21693"
},
{
"name": "CVE-2025-71203",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71203"
},
{
"name": "CVE-2024-56657",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56657"
},
{
"name": "CVE-2025-39789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39789"
},
{
"name": "CVE-2022-49124",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49124"
},
{
"name": "CVE-2024-49901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49901"
},
{
"name": "CVE-2023-52700",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52700"
},
{
"name": "CVE-2024-56583",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56583"
},
{
"name": "CVE-2022-50195",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50195"
},
{
"name": "CVE-2025-40358",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40358"
},
{
"name": "CVE-2024-40998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40998"
},
{
"name": "CVE-2024-56712",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56712"
},
{
"name": "CVE-2025-68318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68318"
},
{
"name": "CVE-2022-49980",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49980"
},
{
"name": "CVE-2023-52634",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52634"
},
{
"name": "CVE-2025-22104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22104"
},
{
"name": "CVE-2022-2795",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2795"
},
{
"name": "CVE-2025-62526",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62526"
},
{
"name": "CVE-2024-49918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49918"
},
{
"name": "CVE-2025-68296",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68296"
},
{
"name": "CVE-2023-53785",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53785"
},
{
"name": "CVE-2024-45776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45776"
},
{
"name": "CVE-2022-50090",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50090"
},
{
"name": "CVE-2025-40340",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40340"
},
{
"name": "CVE-2025-68332",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68332"
},
{
"name": "CVE-2020-14356",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14356"
},
{
"name": "CVE-2025-68745",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68745"
},
{
"name": "CVE-2023-54263",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54263"
},
{
"name": "CVE-2025-71104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71104"
},
{
"name": "CVE-2026-22978",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22978"
},
{
"name": "CVE-2023-53764",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53764"
},
{
"name": "CVE-2024-53687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53687"
},
{
"name": "CVE-2025-39901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39901"
},
{
"name": "CVE-2025-40283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40283"
},
{
"name": "CVE-2025-5918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5918"
},
{
"name": "CVE-2024-38628",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38628"
},
{
"name": "CVE-2025-40324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40324"
},
{
"name": "CVE-2025-38672",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38672"
},
{
"name": "CVE-2023-54181",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54181"
},
{
"name": "CVE-2025-0684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0684"
},
{
"name": "CVE-2025-10158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10158"
},
{
"name": "CVE-2025-68378",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68378"
},
{
"name": "CVE-2024-47794",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47794"
},
{
"name": "CVE-2026-23146",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23146"
},
{
"name": "CVE-2025-38272",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38272"
},
{
"name": "CVE-2024-10524",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10524"
},
{
"name": "CVE-2025-40146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40146"
},
{
"name": "CVE-2025-38359",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38359"
},
{
"name": "CVE-2019-20794",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20794"
},
{
"name": "CVE-2023-53849",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53849"
},
{
"name": "CVE-2022-4543",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4543"
},
{
"name": "CVE-2025-21899",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21899"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2025-38129",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38129"
},
{
"name": "CVE-2026-23037",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23037"
},
{
"name": "CVE-2023-53627",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53627"
},
{
"name": "CVE-2025-40250",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40250"
},
{
"name": "CVE-2025-38091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38091"
},
{
"name": "CVE-2023-53510",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53510"
},
{
"name": "CVE-2025-40264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40264"
},
{
"name": "CVE-2025-38334",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38334"
},
{
"name": "CVE-2023-53575",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53575"
},
{
"name": "CVE-2022-49516",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49516"
},
{
"name": "CVE-2025-40778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40778"
},
{
"name": "CVE-2025-38728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38728"
},
{
"name": "CVE-2022-3523",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3523"
},
{
"name": "CVE-2026-26157",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26157"
},
{
"name": "CVE-2026-23001",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23001"
},
{
"name": "CVE-2023-38417",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38417"
},
{
"name": "CVE-2025-68367",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68367"
},
{
"name": "CVE-2025-71224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71224"
},
{
"name": "CVE-2025-22072",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22072"
},
{
"name": "CVE-2025-68820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68820"
},
{
"name": "CVE-2021-45261",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45261"
},
{
"name": "CVE-2025-40074",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40074"
},
{
"name": "CVE-2026-23193",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23193"
},
{
"name": "CVE-2025-40321",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40321"
},
{
"name": "CVE-2024-47736",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47736"
},
{
"name": "CVE-2023-53037",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53037"
},
{
"name": "CVE-2024-46842",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46842"
},
{
"name": "CVE-2025-71237",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71237"
},
{
"name": "CVE-2025-13462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13462"
},
{
"name": "CVE-2024-50112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50112"
},
{
"name": "CVE-2025-69646",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69646"
},
{
"name": "CVE-2023-54207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54207"
},
{
"name": "CVE-2026-23215",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23215"
},
{
"name": "CVE-2024-28956",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28956"
},
{
"name": "CVE-2025-68740",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68740"
},
{
"name": "CVE-2020-26142",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26142"
},
{
"name": "CVE-2022-49955",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49955"
},
{
"name": "CVE-2023-53628",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53628"
},
{
"name": "CVE-2025-29943",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29943"
},
{
"name": "CVE-2025-39978",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39978"
},
{
"name": "CVE-2023-31346",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31346"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2025-40158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40158"
},
{
"name": "CVE-2024-56201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
},
{
"name": "CVE-2025-38071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38071"
},
{
"name": "CVE-2025-38140",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38140"
},
{
"name": "CVE-2022-50002",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50002"
},
{
"name": "CVE-2025-38621",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38621"
},
{
"name": "CVE-2025-68742",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68742"
},
{
"name": "CVE-2025-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39908"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2024-49920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49920"
},
{
"name": "CVE-2025-40282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40282"
},
{
"name": "CVE-2026-23118",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23118"
},
{
"name": "CVE-2025-34034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-34034"
},
{
"name": "CVE-2025-37984",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37984"
},
{
"name": "CVE-2025-59692",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59692"
},
{
"name": "CVE-2022-50116",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50116"
},
{
"name": "CVE-2018-12931",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12931"
},
{
"name": "CVE-2025-40168",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40168"
},
{
"name": "CVE-2025-37856",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37856"
},
{
"name": "CVE-2022-50224",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50224"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2020-13791",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13791"
},
{
"name": "CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"name": "CVE-2024-49990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49990"
},
{
"name": "CVE-2020-15802",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15802"
},
{
"name": "CVE-2020-24240",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24240"
},
{
"name": "CVE-2024-46718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46718"
},
{
"name": "CVE-2025-68816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68816"
},
{
"name": "CVE-2024-41045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41045"
},
{
"name": "CVE-2023-53545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53545"
},
{
"name": "CVE-2022-50552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50552"
},
{
"name": "CVE-2021-0066",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0066"
},
{
"name": "CVE-2025-38333",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38333"
},
{
"name": "CVE-2023-53376",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53376"
},
{
"name": "CVE-2023-53538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53538"
},
{
"name": "CVE-2025-68192",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68192"
},
{
"name": "CVE-2024-5569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
},
{
"name": "CVE-2025-68379",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68379"
},
{
"name": "CVE-2022-50357",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50357"
},
{
"name": "CVE-2024-57952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57952"
},
{
"name": "CVE-2025-68256",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68256"
},
{
"name": "CVE-2025-68777",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68777"
},
{
"name": "CVE-2023-52671",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52671"
},
{
"name": "CVE-2022-50303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50303"
},
{
"name": "CVE-2024-35870",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35870"
},
{
"name": "CVE-2025-68254",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68254"
},
{
"name": "CVE-2026-23221",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23221"
},
{
"name": "CVE-2025-38059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38059"
},
{
"name": "CVE-2024-27014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27014"
},
{
"name": "CVE-2024-36013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36013"
},
{
"name": "CVE-2024-53176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53176"
},
{
"name": "CVE-2025-37956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37956"
},
{
"name": "CVE-2025-40196",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40196"
},
{
"name": "CVE-2024-49880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49880"
},
{
"name": "CVE-2023-52676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52676"
},
{
"name": "CVE-2025-38117",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38117"
},
{
"name": "CVE-2017-13165",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13165"
},
{
"name": "CVE-2025-38556",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38556"
},
{
"name": "CVE-2025-68171",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68171"
},
{
"name": "CVE-2025-39932",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39932"
},
{
"name": "CVE-2024-47683",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47683"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2024-46811",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46811"
},
{
"name": "CVE-2025-21985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21985"
},
{
"name": "CVE-2025-22109",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22109"
},
{
"name": "CVE-2025-38300",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38300"
},
{
"name": "CVE-2025-40040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40040"
},
{
"name": "CVE-2023-53635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53635"
},
{
"name": "CVE-2025-39810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39810"
},
{
"name": "CVE-2026-22982",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22982"
},
{
"name": "CVE-2025-23132",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23132"
},
{
"name": "CVE-2024-47678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47678"
},
{
"name": "CVE-2022-49531",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49531"
},
{
"name": "CVE-2022-49504",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49504"
},
{
"name": "CVE-2025-1376",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1376"
},
{
"name": "CVE-2022-49810",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49810"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2025-71109",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71109"
},
{
"name": "CVE-2023-26586",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26586"
},
{
"name": "CVE-2025-38373",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38373"
},
{
"name": "CVE-2025-66861",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66861"
},
{
"name": "CVE-2025-40095",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40095"
},
{
"name": "CVE-2025-37957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37957"
},
{
"name": "CVE-2025-38369",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38369"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2024-44950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44950"
},
{
"name": "CVE-2025-39759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39759"
},
{
"name": "CVE-2022-50332",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50332"
},
{
"name": "CVE-2023-53822",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53822"
},
{
"name": "CVE-2024-27408",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27408"
},
{
"name": "CVE-2025-71222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71222"
},
{
"name": "CVE-2022-50461",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50461"
},
{
"name": "CVE-2025-21801",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21801"
},
{
"name": "CVE-2023-26554",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26554"
},
{
"name": "CVE-2025-38486",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38486"
},
{
"name": "CVE-2021-26934",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26934"
},
{
"name": "CVE-2023-53466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53466"
},
{
"name": "CVE-2025-21629",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21629"
},
{
"name": "CVE-2025-71118",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71118"
},
{
"name": "CVE-2023-53168",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53168"
},
{
"name": "CVE-2022-49528",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49528"
},
{
"name": "CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"name": "CVE-2022-45888",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45888"
},
{
"name": "CVE-2022-49218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49218"
},
{
"name": "CVE-2023-52749",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52749"
},
{
"name": "CVE-2025-39754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39754"
},
{
"name": "CVE-2025-40286",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40286"
},
{
"name": "CVE-2022-49967",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49967"
},
{
"name": "CVE-2025-68327",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68327"
},
{
"name": "CVE-2024-2236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2236"
},
{
"name": "CVE-2022-49245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49245"
},
{
"name": "CVE-2025-38098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38098"
},
{
"name": "CVE-2023-52682",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52682"
},
{
"name": "CVE-2022-50871",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50871"
},
{
"name": "CVE-2025-71150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71150"
},
{
"name": "CVE-2025-71229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71229"
},
{
"name": "CVE-2026-23213",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23213"
},
{
"name": "CVE-2025-39958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39958"
},
{
"name": "CVE-2018-8956",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8956"
},
{
"name": "CVE-2025-40266",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40266"
},
{
"name": "CVE-2026-23091",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23091"
},
{
"name": "CVE-2025-68241",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68241"
},
{
"name": "CVE-2022-49420",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49420"
},
{
"name": "CVE-2022-40964",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40964"
},
{
"name": "CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"name": "CVE-2026-3441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3441"
},
{
"name": "CVE-2024-36244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36244"
},
{
"name": "CVE-2023-53149",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53149"
},
{
"name": "CVE-2026-23237",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23237"
},
{
"name": "CVE-2024-49987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49987"
},
{
"name": "CVE-2025-60753",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60753"
},
{
"name": "CVE-2022-50746",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50746"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2024-50034",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50034"
},
{
"name": "CVE-2025-38259",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38259"
},
{
"name": "CVE-2025-71192",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71192"
},
{
"name": "CVE-2023-53596",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53596"
},
{
"name": "CVE-2022-49943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49943"
},
{
"name": "CVE-2022-50260",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50260"
},
{
"name": "CVE-2025-40135",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40135"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2026-23121",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23121"
},
{
"name": "CVE-2020-12319",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12319"
},
{
"name": "CVE-2025-37951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37951"
},
{
"name": "CVE-2023-50495",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50495"
},
{
"name": "CVE-2024-49568",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49568"
},
{
"name": "CVE-2025-21750",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21750"
},
{
"name": "CVE-2024-36924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36924"
},
{
"name": "CVE-2017-11164",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11164"
},
{
"name": "CVE-2023-3397",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3397"
},
{
"name": "CVE-2025-68734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68734"
},
{
"name": "CVE-2024-26672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26672"
},
{
"name": "CVE-2024-57924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57924"
},
{
"name": "CVE-2025-37947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37947"
},
{
"name": "CVE-2025-68776",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68776"
},
{
"name": "CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"name": "CVE-2025-71066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71066"
},
{
"name": "CVE-2026-0965",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0965"
},
{
"name": "CVE-2023-53806",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53806"
},
{
"name": "CVE-2025-21817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21817"
},
{
"name": "CVE-2025-68972",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68972"
},
{
"name": "CVE-2025-68799",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68799"
},
{
"name": "CVE-2021-33139",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33139"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-21825",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21825"
},
{
"name": "CVE-2025-38192",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38192"
},
{
"name": "CVE-2025-71236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71236"
},
{
"name": "CVE-2025-68345",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68345"
},
{
"name": "CVE-2025-39800",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39800"
},
{
"name": "CVE-2024-50057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50057"
},
{
"name": "CVE-2025-38343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38343"
},
{
"name": "CVE-2025-71097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71097"
},
{
"name": "CVE-2024-46808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46808"
},
{
"name": "CVE-2026-26158",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26158"
},
{
"name": "CVE-2025-38202",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38202"
},
{
"name": "CVE-2025-68288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68288"
},
{
"name": "CVE-2025-38168",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38168"
},
{
"name": "CVE-2023-53547",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53547"
},
{
"name": "CVE-2019-20426",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20426"
},
{
"name": "CVE-2025-71107",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71107"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2025-40310",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40310"
},
{
"name": "CVE-2026-29786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29786"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-40083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40083"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2024-56584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56584"
},
{
"name": "CVE-2026-23235",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23235"
},
{
"name": "CVE-2025-71111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71111"
},
{
"name": "CVE-2022-4899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4899"
},
{
"name": "CVE-2025-71152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71152"
},
{
"name": "CVE-2024-42139",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42139"
},
{
"name": "CVE-2024-56692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56692"
},
{
"name": "CVE-2024-53196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53196"
},
{
"name": "CVE-2025-38665",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38665"
},
{
"name": "CVE-2022-50212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50212"
},
{
"name": "CVE-2026-23087",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23087"
},
{
"name": "CVE-2023-54259",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54259"
},
{
"name": "CVE-2025-68802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68802"
},
{
"name": "CVE-2023-54067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54067"
},
{
"name": "CVE-2025-1369",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1369"
},
{
"name": "CVE-2022-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3219"
},
{
"name": "CVE-2025-68317",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68317"
},
{
"name": "CVE-2023-53231",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53231"
},
{
"name": "CVE-2025-71185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71185"
},
{
"name": "CVE-2022-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2961"
},
{
"name": "CVE-2025-40331",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40331"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2022-49635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49635"
},
{
"name": "CVE-2024-50017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50017"
},
{
"name": "CVE-2026-23096",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23096"
},
{
"name": "CVE-2024-53241",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53241"
},
{
"name": "CVE-2025-14180",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14180"
},
{
"name": "CVE-2026-23949",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23949"
},
{
"name": "CVE-2025-38704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38704"
},
{
"name": "CVE-2023-34969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34969"
},
{
"name": "CVE-2021-33155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33155"
},
{
"name": "CVE-2025-68337",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68337"
},
{
"name": "CVE-2024-57899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57899"
},
{
"name": "CVE-2024-49928",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49928"
},
{
"name": "CVE-2025-21885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21885"
},
{
"name": "CVE-2024-50187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50187"
},
{
"name": "CVE-2022-50851",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50851"
},
{
"name": "CVE-2025-36001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36001"
},
{
"name": "CVE-2022-50464",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50464"
},
{
"name": "CVE-2025-38674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38674"
},
{
"name": "CVE-2025-40093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40093"
},
{
"name": "CVE-2020-26560",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26560"
},
{
"name": "CVE-2024-26714",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26714"
},
{
"name": "CVE-2024-45777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45777"
},
{
"name": "CVE-2025-38040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38040"
},
{
"name": "CVE-2024-40954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
},
{
"name": "CVE-2022-49965",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49965"
},
{
"name": "CVE-2025-54771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54771"
},
{
"name": "CVE-2024-0564",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0564"
},
{
"name": "CVE-2025-39825",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39825"
},
{
"name": "CVE-2025-71131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71131"
},
{
"name": "CVE-2022-49961",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49961"
},
{
"name": "CVE-2025-69651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69651"
},
{
"name": "CVE-2025-38552",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38552"
},
{
"name": "CVE-2025-40335",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40335"
},
{
"name": "CVE-2025-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40149"
},
{
"name": "CVE-2024-58098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58098"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2022-28667",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28667"
},
{
"name": "CVE-2023-53383",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53383"
},
{
"name": "CVE-2024-46717",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46717"
},
{
"name": "CVE-2024-25743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25743"
},
{
"name": "CVE-2022-50704",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50704"
},
{
"name": "CVE-2025-40164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40164"
},
{
"name": "CVE-2023-54125",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54125"
},
{
"name": "CVE-2025-10911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10911"
},
{
"name": "CVE-2026-23164",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23164"
},
{
"name": "CVE-2024-41036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41036"
},
{
"name": "CVE-2023-53751",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53751"
},
{
"name": "CVE-2025-0033",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0033"
},
{
"name": "CVE-2023-53743",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53743"
},
{
"name": "CVE-2024-42319",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42319"
},
{
"name": "CVE-2025-37928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37928"
},
{
"name": "CVE-2017-13716",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13716"
},
{
"name": "CVE-2024-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22018"
},
{
"name": "CVE-2025-71116",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71116"
},
{
"name": "CVE-2022-40735",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40735"
},
{
"name": "CVE-2024-36024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36024"
},
{
"name": "CVE-2025-21723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21723"
},
{
"name": "CVE-2023-54190",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54190"
},
{
"name": "CVE-2023-52879",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52879"
},
{
"name": "CVE-2025-68281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68281"
},
{
"name": "CVE-2023-52837",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52837"
},
{
"name": "CVE-2025-38440",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38440"
},
{
"name": "CVE-2026-23124",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23124"
},
{
"name": "CVE-2023-52981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52981"
},
{
"name": "CVE-2024-53224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53224"
},
{
"name": "CVE-2024-49910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49910"
},
{
"name": "CVE-2025-68362",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68362"
},
{
"name": "CVE-2023-53105",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53105"
},
{
"name": "CVE-2025-68236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68236"
},
{
"name": "CVE-2024-39286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39286"
},
{
"name": "CVE-2025-25184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25184"
},
{
"name": "CVE-2025-14524",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14524"
},
{
"name": "CVE-2024-49855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49855"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2025-68333",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68333"
},
{
"name": "CVE-2024-47689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47689"
},
{
"name": "CVE-2025-71160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71160"
},
{
"name": "CVE-2025-71232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71232"
},
{
"name": "CVE-2023-52625",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52625"
},
{
"name": "CVE-2023-53353",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53353"
},
{
"name": "CVE-2024-58096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58096"
},
{
"name": "CVE-2025-38225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38225"
},
{
"name": "CVE-2023-53401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53401"
},
{
"name": "CVE-2025-22037",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22037"
},
{
"name": "CVE-2023-53702",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53702"
},
{
"name": "CVE-2025-68290",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68290"
},
{
"name": "CVE-2025-40280",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40280"
},
{
"name": "CVE-2024-26842",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26842"
},
{
"name": "CVE-2025-40099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40099"
},
{
"name": "CVE-2023-54059",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54059"
},
{
"name": "CVE-2025-71162",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71162"
},
{
"name": "CVE-2021-0170",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0170"
},
{
"name": "CVE-2019-10782",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10782"
},
{
"name": "CVE-2024-40966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40966"
},
{
"name": "CVE-2024-53133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53133"
},
{
"name": "CVE-2026-23075",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23075"
},
{
"name": "CVE-2022-50571",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50571"
},
{
"name": "CVE-2021-31879",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31879"
},
{
"name": "CVE-2026-23120",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23120"
},
{
"name": "CVE-2025-40180",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40180"
},
{
"name": "CVE-2022-49393",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49393"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2025-68803",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68803"
},
{
"name": "CVE-2026-22996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22996"
},
{
"name": "CVE-2024-53091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53091"
},
{
"name": "CVE-2025-39851",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39851"
},
{
"name": "CVE-2025-71204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71204"
},
{
"name": "CVE-2025-68331",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68331"
},
{
"name": "CVE-2025-38244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38244"
},
{
"name": "CVE-2022-29217",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29217"
},
{
"name": "CVE-2024-26758",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26758"
},
{
"name": "CVE-2025-38080",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38080"
},
{
"name": "CVE-2023-32651",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32651"
},
{
"name": "CVE-2025-37747",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37747"
},
{
"name": "CVE-2026-2297",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2297"
},
{
"name": "CVE-2026-23105",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23105"
},
{
"name": "CVE-2023-53036",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53036"
},
{
"name": "CVE-2025-38615",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38615"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2025-71115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71115"
},
{
"name": "CVE-2026-22976",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22976"
},
{
"name": "CVE-2022-50862",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50862"
},
{
"name": "CVE-2025-1118",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1118"
},
{
"name": "CVE-2024-50166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50166"
},
{
"name": "CVE-2024-35862",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35862"
},
{
"name": "CVE-2023-53355",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53355"
},
{
"name": "CVE-2022-25265",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25265"
},
{
"name": "CVE-2026-0967",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0967"
},
{
"name": "CVE-2026-23181",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23181"
},
{
"name": "CVE-2025-37944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37944"
},
{
"name": "CVE-2023-53558",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53558"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2025-68214",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68214"
},
{
"name": "CVE-2025-38703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38703"
},
{
"name": "CVE-2026-23141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23141"
},
{
"name": "CVE-2026-22860",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22860"
},
{
"name": "CVE-2025-36365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36365"
},
{
"name": "CVE-2025-9403",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9403"
},
{
"name": "CVE-2025-40247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40247"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2024-56641",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56641"
},
{
"name": "CVE-2024-43842",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43842"
},
{
"name": "CVE-2025-0686",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0686"
},
{
"name": "CVE-2025-21739",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21739"
},
{
"name": "CVE-2024-49992",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49992"
},
{
"name": "CVE-2025-68781",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68781"
},
{
"name": "CVE-2025-39753",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39753"
},
{
"name": "CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"name": "CVE-2026-23182",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23182"
},
{
"name": "CVE-2021-0173",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0173"
},
{
"name": "CVE-2025-71112",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71112"
},
{
"name": "CVE-2023-54285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54285"
},
{
"name": "CVE-2024-45778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45778"
},
{
"name": "CVE-2026-23086",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23086"
},
{
"name": "CVE-2024-47661",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47661"
},
{
"name": "CVE-2026-28418",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28418"
},
{
"name": "CVE-2023-54151",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54151"
},
{
"name": "CVE-2025-22022",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22022"
},
{
"name": "CVE-2025-66864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66864"
},
{
"name": "CVE-2024-46803",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46803"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-59466",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59466"
},
{
"name": "CVE-2025-40192",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40192"
},
{
"name": "CVE-2025-38544",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38544"
},
{
"name": "CVE-2025-39797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39797"
},
{
"name": "CVE-2025-68818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68818"
},
{
"name": "CVE-2022-36351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36351"
},
{
"name": "CVE-2023-52921",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52921"
},
{
"name": "CVE-2025-15468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
},
{
"name": "CVE-2024-36478",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36478"
},
{
"name": "CVE-2024-43832",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43832"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2026-1299",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1299"
},
{
"name": "CVE-2024-54683",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54683"
},
{
"name": "CVE-2025-1150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1150"
},
{
"name": "CVE-2024-46720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46720"
},
{
"name": "CVE-2024-26658",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26658"
},
{
"name": "CVE-2026-2243",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2243"
},
{
"name": "CVE-2025-38198",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38198"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2022-36087",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36087"
},
{
"name": "CVE-2024-38564",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38564"
},
{
"name": "CVE-2021-0174",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0174"
},
{
"name": "CVE-2025-8746",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8746"
},
{
"name": "CVE-2025-36442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36442"
},
{
"name": "CVE-2025-38006",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38006"
},
{
"name": "CVE-2025-40102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40102"
},
{
"name": "CVE-2026-0968",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0968"
},
{
"name": "CVE-2025-40170",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40170"
},
{
"name": "CVE-2025-38437",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38437"
},
{
"name": "CVE-2025-40160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40160"
},
{
"name": "CVE-2023-7008",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7008"
},
{
"name": "CVE-2024-45779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45779"
},
{
"name": "CVE-2025-40284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40284"
},
{
"name": "CVE-2025-38125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38125"
},
{
"name": "CVE-2025-40077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40077"
},
{
"name": "CVE-2024-57857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57857"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2022-50213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50213"
},
{
"name": "CVE-2024-46823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46823"
},
{
"name": "CVE-2023-32642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32642"
},
{
"name": "CVE-2025-71227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71227"
},
{
"name": "CVE-2025-61772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61772"
},
{
"name": "CVE-2024-46733",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46733"
},
{
"name": "CVE-2024-41014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41014"
},
{
"name": "CVE-2022-50015",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50015"
},
{
"name": "CVE-2025-40071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40071"
},
{
"name": "CVE-2024-7883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7883"
},
{
"name": "CVE-2024-50271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50271"
},
{
"name": "CVE-2022-50772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50772"
},
{
"name": "CVE-2024-56717",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56717"
},
{
"name": "CVE-2025-68366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68366"
},
{
"name": "CVE-2024-56707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56707"
},
{
"name": "CVE-2023-54234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54234"
},
{
"name": "CVE-2022-45885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45885"
},
{
"name": "CVE-2022-49783",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49783"
},
{
"name": "CVE-2025-40305",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40305"
},
{
"name": "CVE-2016-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2781"
},
{
"name": "CVE-2023-29383",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29383"
},
{
"name": "CVE-2025-47153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47153"
},
{
"name": "CVE-2025-40080",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40080"
},
{
"name": "CVE-2024-53216",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53216"
},
{
"name": "CVE-2022-49539",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49539"
},
{
"name": "CVE-2024-36347",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36347"
},
{
"name": "CVE-2024-26869",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26869"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-68815",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68815"
},
{
"name": "CVE-2021-20255",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20255"
},
{
"name": "CVE-2022-48979",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48979"
},
{
"name": "CVE-2025-40307",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40307"
},
{
"name": "CVE-2025-71193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71193"
},
{
"name": "CVE-2023-54180",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54180"
},
{
"name": "CVE-2026-23095",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23095"
},
{
"name": "CVE-2024-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46848"
},
{
"name": "CVE-2025-68346",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68346"
},
{
"name": "CVE-2025-38081",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38081"
},
{
"name": "CVE-2024-36009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36009"
},
{
"name": "CVE-2025-71163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71163"
},
{
"name": "CVE-2024-36350",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36350"
},
{
"name": "CVE-2023-25951",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25951"
},
{
"name": "CVE-2025-40211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40211"
},
{
"name": "CVE-2023-53152",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53152"
},
{
"name": "CVE-2021-0308",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0308"
},
{
"name": "CVE-2025-68315",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68315"
},
{
"name": "CVE-2024-50009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50009"
},
{
"name": "CVE-2025-39850",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39850"
},
{
"name": "CVE-2022-1205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1205"
},
{
"name": "CVE-2023-45927",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45927"
},
{
"name": "CVE-2020-25742",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25742"
},
{
"name": "CVE-2022-0987",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0987"
},
{
"name": "CVE-2025-71096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71096"
},
{
"name": "CVE-2025-71095",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71095"
},
{
"name": "CVE-2025-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40217"
},
{
"name": "CVE-2025-38199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38199"
},
{
"name": "CVE-2025-39905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39905"
},
{
"name": "CVE-2025-21944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21944"
},
{
"name": "CVE-2022-50720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50720"
},
{
"name": "CVE-2025-71105",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71105"
},
{
"name": "CVE-2023-50387",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50387"
},
{
"name": "CVE-2022-49529",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49529"
},
{
"name": "CVE-2025-68266",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68266"
},
{
"name": "CVE-2024-27057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27057"
},
{
"name": "CVE-2025-68771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68771"
},
{
"name": "CVE-2025-39961",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39961"
},
{
"name": "CVE-2025-68363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68363"
},
{
"name": "CVE-2024-54456",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54456"
},
{
"name": "CVE-2024-26876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26876"
},
{
"name": "CVE-2025-40248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40248"
},
{
"name": "CVE-2023-52657",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52657"
},
{
"name": "CVE-2025-37876",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37876"
},
{
"name": "CVE-2024-58089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58089"
},
{
"name": "CVE-2024-36331",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36331"
},
{
"name": "CVE-2026-27571",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27571"
},
{
"name": "CVE-2025-39748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39748"
},
{
"name": "CVE-2026-22984",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22984"
},
{
"name": "CVE-2026-27139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27139"
},
{
"name": "CVE-2022-49127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49127"
},
{
"name": "CVE-2026-24733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24733"
},
{
"name": "CVE-2020-25741",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25741"
},
{
"name": "CVE-2022-50748",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50748"
},
{
"name": "CVE-2023-53767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53767"
},
{
"name": "CVE-2025-21667",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21667"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2025-21696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21696"
},
{
"name": "CVE-2025-68303",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68303"
},
{
"name": "CVE-2025-21955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21955"
},
{
"name": "CVE-2025-39863",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39863"
},
{
"name": "CVE-2025-40259",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40259"
},
{
"name": "CVE-2023-53180",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53180"
},
{
"name": "CVE-2026-28419",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28419"
},
{
"name": "CVE-2025-8677",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8677"
},
{
"name": "CVE-2025-38560",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38560"
},
{
"name": "CVE-2023-53385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53385"
},
{
"name": "CVE-2026-23206",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23206"
},
{
"name": "CVE-2025-68757",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68757"
},
{
"name": "CVE-2024-46678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46678"
},
{
"name": "CVE-2024-58097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58097"
},
{
"name": "CVE-2023-53620",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53620"
},
{
"name": "CVE-2022-50539",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50539"
},
{
"name": "CVE-2025-71068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71068"
},
{
"name": "CVE-2025-23130",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23130"
},
{
"name": "CVE-2022-49496",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49496"
},
{
"name": "CVE-2025-38349",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38349"
},
{
"name": "CVE-2024-56782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56782"
},
{
"name": "CVE-2025-39957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39957"
},
{
"name": "CVE-2025-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1352"
},
{
"name": "CVE-2023-53540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53540"
},
{
"name": "CVE-2022-49552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49552"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2023-53261",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53261"
},
{
"name": "CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"name": "CVE-2026-23033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23033"
},
{
"name": "CVE-2025-39726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39726"
},
{
"name": "CVE-2024-26759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26759"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2025-39931",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39931"
},
{
"name": "CVE-2023-54187",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54187"
},
{
"name": "CVE-2026-22977",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22977"
},
{
"name": "CVE-2026-23145",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23145"
},
{
"name": "CVE-2022-44032",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44032"
},
{
"name": "CVE-2024-57895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57895"
},
{
"name": "CVE-2023-53240",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53240"
},
{
"name": "CVE-2025-13735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13735"
},
{
"name": "CVE-2023-53694",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53694"
},
{
"name": "CVE-2024-53195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53195"
},
{
"name": "CVE-2024-35794",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35794"
},
{
"name": "CVE-2023-52829",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52829"
},
{
"name": "CVE-2026-23003",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23003"
},
{
"name": "CVE-2025-21891",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21891"
},
{
"name": "CVE-2025-38716",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38716"
},
{
"name": "CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"name": "CVE-2024-56660",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56660"
},
{
"name": "CVE-2026-23076",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23076"
},
{
"name": "CVE-2023-54145",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54145"
},
{
"name": "CVE-2025-38033",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38033"
},
{
"name": "CVE-2024-41023",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41023"
},
{
"name": "CVE-2024-47704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47704"
},
{
"name": "CVE-2025-21672",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21672"
},
{
"name": "CVE-2024-35801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35801"
},
{
"name": "CVE-2024-49978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49978"
},
{
"name": "CVE-2024-36910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36910"
},
{
"name": "CVE-2025-15079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15079"
},
{
"name": "CVE-2024-49870",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49870"
},
{
"name": "CVE-2025-36366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36366"
},
{
"name": "CVE-2024-42125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42125"
},
{
"name": "CVE-2025-36123",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36123"
},
{
"name": "CVE-2024-56737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56737"
},
{
"name": "CVE-2025-68168",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68168"
},
{
"name": "CVE-2025-21821",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21821"
},
{
"name": "CVE-2025-68206",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68206"
},
{
"name": "CVE-2020-11935",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11935"
},
{
"name": "CVE-2023-54247",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54247"
},
{
"name": "CVE-2025-68309",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68309"
},
{
"name": "CVE-2023-52905",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52905"
},
{
"name": "CVE-2024-57852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57852"
},
{
"name": "CVE-2025-40003",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40003"
},
{
"name": "CVE-2025-22042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22042"
},
{
"name": "CVE-2025-71158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71158"
},
{
"name": "CVE-2022-49803",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49803"
},
{
"name": "CVE-2024-57898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57898"
},
{
"name": "CVE-2020-35503",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35503"
},
{
"name": "CVE-2024-49923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49923"
},
{
"name": "CVE-2024-56639",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56639"
},
{
"name": "CVE-2025-68372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68372"
},
{
"name": "CVE-2026-23171",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23171"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2023-53002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53002"
},
{
"name": "CVE-2021-0183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0183"
},
{
"name": "CVE-2025-39884",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39884"
},
{
"name": "CVE-2025-39747",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39747"
},
{
"name": "CVE-2024-36914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36914"
},
{
"name": "CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"name": "CVE-2024-35826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35826"
},
{
"name": "CVE-2026-23112",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23112"
},
{
"name": "CVE-2022-49764",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49764"
},
{
"name": "CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"name": "CVE-2025-21651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21651"
},
{
"name": "CVE-2025-38092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38092"
},
{
"name": "CVE-2025-22124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22124"
},
{
"name": "CVE-2025-68313",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68313"
},
{
"name": "CVE-2024-58053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58053"
},
{
"name": "CVE-2023-26553",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26553"
},
{
"name": "CVE-2025-60876",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60876"
},
{
"name": "CVE-2025-37776",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37776"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2024-58077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58077"
},
{
"name": "CVE-2024-6519",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6519"
},
{
"name": "CVE-2024-46729",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46729"
},
{
"name": "CVE-2023-53850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53850"
},
{
"name": "CVE-2023-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
},
{
"name": "CVE-2022-50266",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50266"
},
{
"name": "CVE-2024-53178",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53178"
},
{
"name": "CVE-2025-71137",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71137"
},
{
"name": "CVE-2026-23084",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23084"
},
{
"name": "CVE-2023-53093",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53093"
},
{
"name": "CVE-2025-11065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11065"
},
{
"name": "CVE-2026-23190",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23190"
},
{
"name": "CVE-2025-40123",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40123"
},
{
"name": "CVE-2026-22979",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22979"
},
{
"name": "CVE-2025-68301",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68301"
},
{
"name": "CVE-2024-49991",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49991"
},
{
"name": "CVE-2022-50009",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50009"
},
{
"name": "CVE-2022-26047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26047"
},
{
"name": "CVE-2024-53240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53240"
},
{
"name": "CVE-2026-23011",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23011"
},
{
"name": "CVE-2024-36949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36949"
},
{
"name": "CVE-2023-53816",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53816"
},
{
"name": "CVE-2025-37877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37877"
},
{
"name": "CVE-2024-2193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2193"
},
{
"name": "CVE-2025-4382",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4382"
},
{
"name": "CVE-2022-28693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28693"
},
{
"name": "CVE-2025-71161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71161"
},
{
"name": "CVE-2025-39706",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39706"
},
{
"name": "CVE-2025-22038",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22038"
},
{
"name": "CVE-2025-68217",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68217"
},
{
"name": "CVE-2023-54242",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54242"
},
{
"name": "CVE-2025-68289",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68289"
},
{
"name": "CVE-2025-40363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40363"
},
{
"name": "CVE-2024-41062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41062"
},
{
"name": "CVE-2025-40253",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40253"
},
{
"name": "CVE-2022-48816",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48816"
},
{
"name": "CVE-2026-27141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27141"
},
{
"name": "CVE-2025-37800",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37800"
},
{
"name": "CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"name": "CVE-2022-50518",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50518"
},
{
"name": "CVE-2022-49829",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49829"
},
{
"name": "CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"name": "CVE-2025-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21967"
},
{
"name": "CVE-2016-2568",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2568"
},
{
"name": "CVE-2020-13817",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13817"
},
{
"name": "CVE-2025-68245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68245"
},
{
"name": "CVE-2025-41254",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41254"
},
{
"name": "CVE-2018-12929",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12929"
},
{
"name": "CVE-2024-26853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26853"
},
{
"name": "CVE-2024-53147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53147"
},
{
"name": "CVE-2025-39952",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39952"
},
{
"name": "CVE-2025-40317",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40317"
},
{
"name": "CVE-2024-45783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45783"
},
{
"name": "CVE-2026-23110",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23110"
},
{
"name": "CVE-2023-53410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53410"
},
{
"name": "CVE-2023-53254",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53254"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2023-47210",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47210"
},
{
"name": "CVE-2025-68809",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68809"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2024-36920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36920"
},
{
"name": "CVE-2021-0165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0165"
},
{
"name": "CVE-2025-0624",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0624"
},
{
"name": "CVE-2022-49177",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49177"
},
{
"name": "CVE-2025-38205",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38205"
},
{
"name": "CVE-2026-23100",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23100"
},
{
"name": "CVE-2025-59464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59464"
},
{
"name": "CVE-2024-58241",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58241"
},
{
"name": "CVE-2025-21863",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21863"
},
{
"name": "CVE-2025-71120",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71120"
},
{
"name": "CVE-2025-38166",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38166"
},
{
"name": "CVE-2022-49833",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49833"
},
{
"name": "CVE-2026-23060",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23060"
},
{
"name": "CVE-2025-38321",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38321"
},
{
"name": "CVE-2025-68282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68282"
},
{
"name": "CVE-2025-39705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39705"
},
{
"name": "CVE-2025-68817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68817"
},
{
"name": "CVE-2024-36021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36021"
},
{
"name": "CVE-2025-38045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38045"
},
{
"name": "CVE-2024-46726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46726"
},
{
"name": "CVE-2025-40025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40025"
},
{
"name": "CVE-2024-53079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53079"
},
{
"name": "CVE-2025-68787",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68787"
},
{
"name": "CVE-2025-1125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1125"
},
{
"name": "CVE-2023-53647",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53647"
},
{
"name": "CVE-2025-37954",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37954"
},
{
"name": "CVE-2025-23133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23133"
},
{
"name": "CVE-2025-0012",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0012"
},
{
"name": "CVE-2020-12313",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12313"
},
{
"name": "CVE-2025-71233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71233"
},
{
"name": "CVE-2025-68782",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68782"
},
{
"name": "CVE-2021-0166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0166"
},
{
"name": "CVE-2025-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21945"
},
{
"name": "CVE-2022-3872",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3872"
},
{
"name": "CVE-2025-39744",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39744"
},
{
"name": "CVE-2025-71197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71197"
},
{
"name": "CVE-2025-68177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68177"
},
{
"name": "CVE-2025-68758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68758"
},
{
"name": "CVE-2024-49931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49931"
},
{
"name": "CVE-2024-43866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43866"
},
{
"name": "CVE-2024-37021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37021"
},
{
"name": "CVE-2024-47728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47728"
},
{
"name": "CVE-2025-27610",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27610"
},
{
"name": "CVE-2025-68191",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68191"
},
{
"name": "CVE-2026-23031",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23031"
},
{
"name": "CVE-2024-46730",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46730"
},
{
"name": "CVE-2025-71113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71113"
},
{
"name": "CVE-2025-71127",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71127"
},
{
"name": "CVE-2025-37786",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37786"
},
{
"name": "CVE-2024-46728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46728"
},
{
"name": "CVE-2023-53561",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53561"
},
{
"name": "CVE-2026-22998",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22998"
},
{
"name": "CVE-2023-54172",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54172"
},
{
"name": "CVE-2026-23050",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23050"
},
{
"name": "CVE-2024-58100",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58100"
},
{
"name": "CVE-2020-0256",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0256"
},
{
"name": "CVE-2025-21673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21673"
},
{
"name": "CVE-2024-26954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26954"
},
{
"name": "CVE-2025-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21634"
},
{
"name": "CVE-2024-57999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57999"
},
{
"name": "CVE-2025-38047",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38047"
},
{
"name": "CVE-2024-47738",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47738"
},
{
"name": "CVE-2025-68340",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68340"
},
{
"name": "CVE-2024-41013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41013"
},
{
"name": "CVE-2023-54320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54320"
},
{
"name": "CVE-2024-43911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43911"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2025-37959",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37959"
},
{
"name": "CVE-2017-0537",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0537"
},
{
"name": "CVE-2025-38191",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38191"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2025-68219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68219"
},
{
"name": "CVE-2022-50232",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50232"
},
{
"name": "CVE-2025-38062",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38062"
},
{
"name": "CVE-2025-38531",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38531"
},
{
"name": "CVE-2023-26112",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26112"
},
{
"name": "CVE-2018-6952",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6952"
},
{
"name": "CVE-2020-14304",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14304"
},
{
"name": "CVE-2024-46834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46834"
},
{
"name": "CVE-2025-40288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40288"
},
{
"name": "CVE-2025-68239",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68239"
},
{
"name": "CVE-2025-40258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40258"
},
{
"name": "CVE-2025-21894",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21894"
},
{
"name": "CVE-2025-40281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40281"
},
{
"name": "CVE-2025-68185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68185"
},
{
"name": "CVE-2025-40304",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40304"
},
{
"name": "CVE-2025-38503",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38503"
},
{
"name": "CVE-2025-40110",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40110"
},
{
"name": "CVE-2026-24001",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24001"
},
{
"name": "CVE-2025-37807",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37807"
},
{
"name": "CVE-2025-38131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38131"
},
{
"name": "CVE-2022-50016",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50016"
},
{
"name": "CVE-2025-29481",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29481"
},
{
"name": "CVE-2024-53219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53219"
},
{
"name": "CVE-2023-53009",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53009"
},
{
"name": "CVE-2025-40268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40268"
},
{
"name": "CVE-2025-61661",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61661"
},
{
"name": "CVE-2026-23111",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23111"
},
{
"name": "CVE-2024-25740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25740"
},
{
"name": "CVE-2024-50246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50246"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2025-14178",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14178"
},
{
"name": "CVE-2024-57950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57950"
},
{
"name": "CVE-2025-21759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21759"
},
{
"name": "CVE-2025-40325",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40325"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2024-42321",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42321"
},
{
"name": "CVE-2026-23113",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23113"
},
{
"name": "CVE-2021-0176",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0176"
},
{
"name": "CVE-2025-1151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1151"
},
{
"name": "CVE-2022-48998",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48998"
},
{
"name": "CVE-2025-68798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68798"
},
{
"name": "CVE-2024-42273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42273"
},
{
"name": "CVE-2025-68336",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68336"
},
{
"name": "CVE-2023-53794",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53794"
},
{
"name": "CVE-2026-23157",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23157"
},
{
"name": "CVE-2025-40303",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40303"
},
{
"name": "CVE-2025-68178",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68178"
},
{
"name": "CVE-2022-49974",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49974"
},
{
"name": "CVE-2025-40337",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40337"
},
{
"name": "CVE-2019-20633",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20633"
},
{
"name": "CVE-2025-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38264"
},
{
"name": "CVE-2021-3714",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3714"
},
{
"name": "CVE-2023-54071",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54071"
},
{
"name": "CVE-2024-56566",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56566"
},
{
"name": "CVE-2025-46392",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46392"
},
{
"name": "CVE-2025-40036",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40036"
},
{
"name": "CVE-2024-57993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57993"
},
{
"name": "CVE-2024-47745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47745"
},
{
"name": "CVE-2025-39833",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39833"
},
{
"name": "CVE-2026-23097",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23097"
},
{
"name": "CVE-2025-37980",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37980"
},
{
"name": "CVE-2024-53190",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53190"
},
{
"name": "CVE-2025-40262",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40262"
},
{
"name": "CVE-2024-35784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35784"
},
{
"name": "CVE-2024-56591",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56591"
},
{
"name": "CVE-2024-56544",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56544"
},
{
"name": "CVE-2024-56647",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56647"
},
{
"name": "CVE-2025-71198",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71198"
},
{
"name": "CVE-2025-21649",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21649"
},
{
"name": "CVE-2024-57976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57976"
},
{
"name": "CVE-2025-68819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68819"
},
{
"name": "CVE-2025-0685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0685"
},
{
"name": "CVE-2024-57893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57893"
},
{
"name": "CVE-2026-23231",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23231"
},
{
"name": "CVE-2025-37879",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37879"
},
{
"name": "CVE-2022-50071",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50071"
},
{
"name": "CVE-2025-40261",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40261"
},
{
"name": "CVE-2024-56180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56180"
},
{
"name": "CVE-2023-39333",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39333"
},
{
"name": "CVE-2025-38643",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38643"
},
{
"name": "CVE-2021-3864",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3864"
},
{
"name": "CVE-2025-39771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39771"
},
{
"name": "CVE-2023-52591",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52591"
},
{
"name": "CVE-2024-26648",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26648"
},
{
"name": "CVE-2025-66862",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66862"
},
{
"name": "CVE-2020-11868",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11868"
},
{
"name": "CVE-2020-24352",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24352"
},
{
"name": "CVE-2024-36000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36000"
},
{
"name": "CVE-2026-23021",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23021"
},
{
"name": "CVE-2025-39819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39819"
},
{
"name": "CVE-2022-49296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49296"
},
{
"name": "CVE-2025-61780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61780"
},
{
"name": "CVE-2024-49914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49914"
},
{
"name": "CVE-2025-38360",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38360"
},
{
"name": "CVE-2025-68732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68732"
},
{
"name": "CVE-2025-39715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39715"
},
{
"name": "CVE-2025-36407",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36407"
},
{
"name": "CVE-2024-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0217"
},
{
"name": "CVE-2025-40323",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40323"
},
{
"name": "CVE-2025-21732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21732"
},
{
"name": "CVE-2021-47658",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47658"
},
{
"name": "CVE-2025-68285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68285"
},
{
"name": "CVE-2025-4575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4575"
},
{
"name": "CVE-2019-12067",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12067"
},
{
"name": "CVE-2024-57843",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57843"
},
{
"name": "CVE-2025-38512",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38512"
},
{
"name": "CVE-2024-50135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50135"
},
{
"name": "CVE-2024-49916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49916"
},
{
"name": "CVE-2025-68119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68119"
},
{
"name": "CVE-2024-49988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49988"
},
{
"name": "CVE-2023-52648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52648"
},
{
"name": "CVE-2024-49861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49861"
},
{
"name": "CVE-2026-23093",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23093"
},
{
"name": "CVE-2024-49893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49893"
},
{
"name": "CVE-2024-44963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44963"
},
{
"name": "CVE-2023-53348",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53348"
},
{
"name": "CVE-2022-48766",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48766"
},
{
"name": "CVE-2019-15794",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15794"
},
{
"name": "CVE-2024-49917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49917"
},
{
"name": "CVE-2022-50467",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50467"
},
{
"name": "CVE-2025-37849",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37849"
},
{
"name": "CVE-2025-32441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32441"
},
{
"name": "CVE-2024-48875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48875"
},
{
"name": "CVE-2024-41935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41935"
},
{
"name": "CVE-2025-38162",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38162"
},
{
"name": "CVE-2022-23491",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23491"
},
{
"name": "CVE-2025-22873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22873"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2025-71183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71183"
},
{
"name": "CVE-2023-54047",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54047"
},
{
"name": "CVE-2023-53382",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53382"
},
{
"name": "CVE-2024-50060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50060"
},
{
"name": "CVE-2025-39677",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39677"
},
{
"name": "CVE-2023-53651",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53651"
},
{
"name": "CVE-2025-21832",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21832"
},
{
"name": "CVE-2025-68371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68371"
},
{
"name": "CVE-2022-50383",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50383"
},
{
"name": "CVE-2025-39707",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39707"
},
{
"name": "CVE-2025-40275",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40275"
},
{
"name": "CVE-2023-53387",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53387"
},
{
"name": "CVE-2026-31802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31802"
},
{
"name": "CVE-2024-45774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45774"
},
{
"name": "CVE-2023-54019",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54019"
},
{
"name": "CVE-2025-22053",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22053"
},
{
"name": "CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"name": "CVE-2025-61664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61664"
},
{
"name": "CVE-2025-68211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68211"
},
{
"name": "CVE-2026-25702",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25702"
},
{
"name": "CVE-2023-52452",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52452"
},
{
"name": "CVE-2023-42366",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42366"
},
{
"name": "CVE-2022-50863",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50863"
},
{
"name": "CVE-2025-39829",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39829"
},
{
"name": "CVE-2024-35843",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35843"
},
{
"name": "CVE-2025-71091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71091"
},
{
"name": "CVE-2025-39781",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39781"
},
{
"name": "CVE-2025-39762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39762"
},
{
"name": "CVE-2024-40999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40999"
},
{
"name": "CVE-2023-53292",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53292"
},
{
"name": "CVE-2023-52576",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52576"
},
{
"name": "CVE-2024-27002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27002"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
},
{
"name": "CVE-2024-57887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57887"
},
{
"name": "CVE-2025-21730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21730"
},
{
"name": "CVE-2024-35865",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35865"
},
{
"name": "CVE-2025-71184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71184"
},
{
"name": "CVE-2023-52660",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52660"
},
{
"name": "CVE-2024-35995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35995"
},
{
"name": "CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
},
{
"name": "CVE-2023-53371",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53371"
},
{
"name": "CVE-2025-38659",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38659"
},
{
"name": "CVE-2025-68227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68227"
},
{
"name": "CVE-2025-22041",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22041"
},
{
"name": "CVE-2025-40339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40339"
},
{
"name": "CVE-2025-22127",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22127"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2024-27025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27025"
},
{
"name": "CVE-2025-38020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38020"
},
{
"name": "CVE-2024-27011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27011"
},
{
"name": "CVE-2025-15224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15224"
},
{
"name": "CVE-2024-26605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26605"
},
{
"name": "CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"name": "CVE-2024-38543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38543"
},
{
"name": "CVE-2025-68263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68263"
},
{
"name": "CVE-2023-53187",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53187"
},
{
"name": "CVE-2025-38689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38689"
},
{
"name": "CVE-2025-68800",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68800"
},
{
"name": "CVE-2026-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
},
{
"name": "CVE-2025-38275",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38275"
},
{
"name": "CVE-2025-68261",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68261"
},
{
"name": "CVE-2022-48744",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48744"
},
{
"name": "CVE-2025-38070",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38070"
},
{
"name": "CVE-2025-68755",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68755"
},
{
"name": "CVE-2025-62525",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62525"
},
{
"name": "CVE-2025-71238",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71238"
},
{
"name": "CVE-2021-0175",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0175"
},
{
"name": "CVE-2024-36012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36012"
},
{
"name": "CVE-2022-48706",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48706"
},
{
"name": "CVE-2025-40334",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40334"
},
{
"name": "CVE-2025-68767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68767"
},
{
"name": "CVE-2024-46716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46716"
},
{
"name": "CVE-2012-4542",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4542"
},
{
"name": "CVE-2021-3773",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3773"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2022-49267",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49267"
},
{
"name": "CVE-2024-56592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56592"
},
{
"name": "CVE-2025-37854",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37854"
},
{
"name": "CVE-2025-38189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38189"
},
{
"name": "CVE-2022-48628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48628"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2024-50138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50138"
},
{
"name": "CVE-2025-40319",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40319"
},
{
"name": "CVE-2021-44534",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44534"
},
{
"name": "CVE-2025-14831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14831"
},
{
"name": "CVE-2024-56565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56565"
},
{
"name": "CVE-2025-68193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68193"
},
{
"name": "CVE-2025-68727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68727"
},
{
"name": "CVE-2024-57872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57872"
},
{
"name": "CVE-2023-28720",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28720"
},
{
"name": "CVE-2024-53093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53093"
},
{
"name": "CVE-2026-23080",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23080"
},
{
"name": "CVE-2024-46833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46833"
},
{
"name": "CVE-2024-47703",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47703"
},
{
"name": "CVE-2023-53742",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53742"
},
{
"name": "CVE-2025-38361",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38361"
},
{
"name": "CVE-2025-38041",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38041"
},
{
"name": "CVE-2024-53177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53177"
},
{
"name": "CVE-2024-56588",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56588"
},
{
"name": "CVE-2023-53452",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53452"
},
{
"name": "CVE-2023-54121",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54121"
},
{
"name": "CVE-2023-6610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6610"
},
{
"name": "CVE-2023-54261",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54261"
},
{
"name": "CVE-2022-50616",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50616"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"name": "CVE-2023-53544",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53544"
},
{
"name": "CVE-2025-68264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68264"
},
{
"name": "CVE-2024-49911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49911"
},
{
"name": "CVE-2026-23154",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23154"
},
{
"name": "CVE-2022-50708",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50708"
},
{
"name": "CVE-2026-3784",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3784"
},
{
"name": "CVE-2025-68764",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68764"
},
{
"name": "CVE-2025-9301",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9301"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
}
],
"initial_release_date": "2026-03-20T00:00:00",
"last_revision_date": "2026-03-20T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0326",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37233",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37233"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37237",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37237"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37236",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37236"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37246",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37246"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37235",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37235"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37229",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37229"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37226",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37226"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37230",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37230"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37242",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37242"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37228",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37228"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37240",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37240"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37243",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37243"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37234",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37234"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37231",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37231"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37239",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37239"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37227",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37227"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37232",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37232"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37247",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37247"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37241",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37241"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37238",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37238"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37244",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37244"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37245",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37245"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
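- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting. This records that one reporter's observation only; it does not establish that the vulnerability is unexploited elsewhere.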
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.