Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-25679 (GCVE-0-2026-25679)
Vulnerability from cvelistv5 – Published: 2026-03-06 21:28 – Updated: 2026-03-10 13:37
VLAI
EPSS
Title
Incorrect parsing of IPv6 host literals in net/url
Summary
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1286 - Improper Validation of Syntactic Correctness of Input
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | net/url |
Affected:
0 , < 1.25.8
(semver)
Affected: 1.26.0-0 , < 1.26.1 (semver) |
Credits
Masaki Hara (https://github.com/qnighy) of Wantedly
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-25679",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T13:36:26.554241Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T13:37:02.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "net/url",
"product": "net/url",
"programRoutines": [
{
"name": "parseHost"
},
{
"name": "JoinPath"
},
{
"name": "Parse"
},
{
"name": "ParseRequestURI"
},
{
"name": "URL.Parse"
},
{
"name": "URL.UnmarshalBinary"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.25.8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.26.1",
"status": "affected",
"version": "1.26.0-0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Masaki Hara (https://github.com/qnighy) of Wantedly"
}
],
"descriptions": [
{
"lang": "en",
"value": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T21:28:14.211Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/752180"
},
{
"url": "https://go.dev/issue/77578"
},
{
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"title": "Incorrect parsing of IPv6 host literals in net/url"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2026-25679",
"datePublished": "2026-03-06T21:28:14.211Z",
"dateReserved": "2026-02-05T01:33:41.943Z",
"dateUpdated": "2026-03-10T13:37:02.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-25679",
"date": "2026-06-28",
"epss": "0.0052",
"percentile": "0.40238"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-25679\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2026-03-06T22:16:00.720\",\"lastModified\":\"2026-06-17T10:25:02.933\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.\"},{\"lang\":\"es\",\"value\":\"url.Parse valid\u00f3 insuficientemente el componente de host/autoridad y acept\u00f3 algunas URL inv\u00e1lidas.\"}],\"affected\":[{\"source\":\"security@golang.org\",\"affectedData\":[{\"vendor\":\"Go standard library\",\"product\":\"net/url\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"net/url\",\"programRoutines\":[{\"name\":\"parseHost\"},{\"name\":\"JoinPath\"},{\"name\":\"Parse\"},{\"name\":\"ParseRequestURI\"},{\"name\":\"URL.Parse\"},{\"name\":\"URL.UnmarshalBinary\"}],\"versions\":[{\"version\":\"0\",\"lessThan\":\"1.25.8\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.26.0-0\",\"lessThan\":\"1.26.1\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-03-10T13:36:26.554241Z\",\"id\":\"CVE-2026-25679\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-425\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.25.8\",\"matchCriteriaId\":\"2D293CC0-B163-4E62-B985-52FB6ECA64C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:1.26.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A40FE3CB-0D03-462B-8A19-4DF1920ABE82\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/752180\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://go.dev/issue/77578\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk\",\"source\":\"security@golang.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2026-4601\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-25679\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-10T13:36:26.554241Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-10T13:36:57.330Z\"}}], \"cna\": {\"title\": \"Incorrect parsing of IPv6 host literals in net/url\", \"credits\": [{\"lang\": \"en\", \"value\": \"Masaki Hara (https://github.com/qnighy) of Wantedly\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"net/url\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.25.8\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.26.0-0\", \"lessThan\": \"1.26.1\", \"versionType\": \"semver\"}], \"packageName\": \"net/url\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"parseHost\"}, {\"name\": \"JoinPath\"}, {\"name\": \"Parse\"}, {\"name\": \"ParseRequestURI\"}, {\"name\": \"URL.Parse\"}, {\"name\": \"URL.UnmarshalBinary\"}]}], \"references\": [{\"url\": \"https://go.dev/cl/752180\"}, {\"url\": \"https://go.dev/issue/77578\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2026-4601\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-1286: Improper Validation of Syntactic Correctness of Input\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2026-03-06T21:28:14.211Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-25679\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-10T13:37:02.459Z\", \"dateReserved\": \"2026-02-05T01:33:41.943Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2026-03-06T21:28:14.211Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:9385
Vulnerability from csaf_redhat - Published: 2026-04-21 15:08 - Updated: 2026-06-28 16:15Summary
Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.9.2 release
Severity
Important
Notes
Topic: Red Hat OpenShift distributed tracing platform (Tempo) 3.9.2 has been released
Details: This release of the Red Hat OpenShift distributed tracing platform (Tempo) provides security improvements and bug fixes.
Breaking changes:
* None.
Deprecations:
* None.
Technology Preview features:
* None.
Enhancements:
* None.
Bug fixes:
* gRPC-Go authorization bypass vulnerability fix: Previously, gRPC-Go was vulnerable to an authorization bypass attack. This issue occurred because the HTTP/2 :path pseudo-header was not properly validated. Remote attackers could send raw HTTP/2 frames with a malformed :path that omitted the mandatory leading slash to bypass defined security policies. With this update, gRPC-Go properly validates the :path pseudo-header and rejects malformed requests. As a result, attackers can no longer bypass security policies to gain unauthorized access to services or disclose information. For more information, see https://access.redhat.com/security/cve/cve-2026-33186.
* XPath component fix: Previously, the github.com/antchfx/xpath component did not properly handle certain Boolean XPath expressions. A remote attacker could submit a crafted expression that caused an infinite loop, resulting in 100% CPU utilization and a denial-of-service condition. With this update, the XPath component correctly processes Boolean expressions that evaluate to true. The system no longer enters an infinite loop when handling these expressions. For more information, see https://access.redhat.com/security/cve/cve-2026-4645.
* Go JOSE denial-of-service vulnerability fix: Previously, the Go JOSE library for handling JSON Web Encryption (JWE) objects was vulnerable to a denial-of-service (DoS) attack. This issue occurred because the application failed when decrypting a specially crafted JWE object that specified a key wrapping algorithm but contained an empty encrypted key field. With this update, Go JOSE properly validates the encrypted key field before decryption. As a result, the application no longer crashes when processing malformed JWE objects, and the service remains available to legitimate users. For more information, see https://access.redhat.com/security/cve/cve-2026-34986.
* Lodash _.template function fix: Previously, the lodash _.template function validated the variable option but did not validate options.imports key names. Both options passed values to the same code execution path. An attacker with the ability to control options.imports key names or pollute Object.prototype could exploit this gap to execute arbitrary code. With this update, lodash validates options.imports key names by using the same rules applied to the variable option. The _.template function rejects invalid key names and prevents code injection through this path. For more information, see https://access.redhat.com/security/cve/cve-2026-4800.
* Go crypto/x509 and crypto/tls packages fix: Previously, the Go standard library crypto/x509 and crypto/tls packages did not limit the number of intermediate certificates processed during certificate chain building. An attacker could provide an excessive number of intermediate certificates, causing the system to perform an uncontrolled amount of work and resulting in a denial-of-service condition. With this update, the packages limit the number of intermediate certificates accepted during certificate chain validation. The system rejects certificate chains that exceed this limit. For more information, see https://access.redhat.com/security/cve/cve-2026-32280.
* Go Root.Chmod function fix: Previously, the Root.Chmod function in the Go standard library internal/syscall/unix package had a race condition between checking and modifying a target file. An attacker could replace the target with a symbolic link after the check but before the operation completed, causing the permission change to apply to the linked file instead. This allowed an attacker to bypass directory restrictions and change permissions on unintended files. With this update, the Root.Chmod function prevents this race condition. The function no longer follows symbolic links that replace the target during execution. For more information, see https://access.redhat.com/security/cve/cve-2026-32282.
* Go crypto/x509 package fix: Previously, the Go crypto/x509 package applied excluded DNS constraints to wildcard Subject Alternative Names (SANs) in a case-sensitive manner. An attacker could bypass certificate validation by using a different case in the wildcard SAN than the excluded DNS constraint specified. This allowed the system to accept a malicious certificate that should have been rejected. With this update, the package applies DNS constraints case-insensitively when validating wildcard SANs. Certificate chain verification correctly rejects certificates that match excluded DNS constraints regardless of case. For more information, see https://access.redhat.com/security/cve/cve-2026-33810.
* Go crypto/tls component fix: Previously, the Go crypto/tls component did not re-validate certificates against updated certificate authority (CA) settings during TLS session resumption. If CA settings changed between the initial handshake and a resumed session, the component used the original CA settings. An attacker could exploit this to bypass certificate validation and establish a connection that should have been rejected. With this update, the component validates certificates against the current CA settings during session resumption. Resumed sessions that no longer meet CA requirements are rejected. For more information, see https://access.redhat.com/security/cve/cve-2025-68121.
* jsonparser Delete function fix: Previously, the Delete function in the github.com/buger/jsonparser component did not validate offsets when processing malformed JSON input. A remote attacker could provide crafted JSON data that caused a runtime panic, resulting in a denial-of-service condition. With this update, the Delete function validates offsets before processing. The function handles malformed JSON input as expected. For more information, see https://access.redhat.com/security/cve/cve-2026-32285.
* path-to-regexp component fix: Previously, the path-to-regexp component did not limit the complexity of generated regular expressions. A remote attacker could provide input containing multiple sequential optional groups, causing exponential growth in the generated expression and excessive resource consumption. This resulted in a denial-of-service condition. With this update, the component limits regular expression complexity. Input patterns with sequential optional groups no longer cause excessive resource consumption. For more information, see https://access.redhat.com/security/cve/cve-2026-4926.
* Go net/url.Parse function fix: Previously, the Go net/url.Parse function did not properly validate the host component of URLs containing IP-literals. The function ignored invalid characters preceding IP-literals and accepted URLs that should have been rejected. With this update, the function validates the entire host component. URLs with invalid characters before IP-literals are rejected as malformed. For more information, see https://access.redhat.com/security/cve/cve-2026-25679.
* Go crypto/x509 module fix: Previously, the Go crypto/x509 module did not apply all email address constraints when validating certificates. If a certificate contained multiple email constraints with the same local portion but different domain portions, the module only enforced the last constraint and ignored the others. With this update, the module applies all email address constraints during certificate chain validation. Certificates are validated against every specified email constraint. For more information, see https://access.redhat.com/security/cve/cve-2026-27137.
Known issues:
* Gateway fails to forward OTLP HTTP traffic when receiver TLS is enabled. When Tempo Monolithic is configured with `multitenancy.enabled: true` and `ingestion.otlp.http.tls.enabled: true`, the gateway forwards OTLP HTTP traffic to the Tempo receiver using plain HTTP instead of HTTPS. As a consequence, the connection fails with a `connection reset by peer` error because the receiver expects TLS connections. OTLP gRPC ingestion through the gateway is not affected. Jira issue: https://issues.redhat.com/browse/TRACING-5973.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64 | — |
Vendor Fix
fix
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x | — |
Threats
Impact
Moderate
A flaw was found in the `github.com/antchfx/xpath` component. A remote attacker could exploit this vulnerability by submitting crafted Boolean XPath expressions that evaluate to true. This can cause an infinite loop in the `logicalQuery.Select` function, leading to 100% CPU utilization and a Denial of Service (DoS) condition for the affected system.
7.5 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink. Additionally, _.template uses assignInWith to merge imports, which enumerates inherited properties via for..in. If Object.prototype has been polluted by any other vector, the polluted keys are copied into the imports object and passed to Function().
8.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in path-to-regexp. A remote attacker could exploit this vulnerability by providing specially crafted input that generates a regular expression with multiple sequential optional groups. This leads to an exponential growth in the generated regular expression, causing a Denial of Service (DoS) due to excessive resource consumption.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64 | — |
Workaround
|
Threats
Impact
Important
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x | — |
Workaround
|
Threats
Impact
Important
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64 | — |
Vendor Fix
fix
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x | — |
Threats
Impact
Important
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in github.com/buger/jsonparser. The Delete function, when processing malformed JSON input, fails to properly validate offsets. This vulnerability can lead to a negative slice index and a runtime panic, allowing a remote attacker to cause a denial of service (DoS) by providing specially crafted JSON data.
7.5 (High)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.
8.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64 | — |
Vendor Fix
fix
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x | — |
Threats
Impact
Important
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x | — |
Workaround
|
Threats
Impact
Important
References
92 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift distributed tracing platform (Tempo) 3.9.2 has been released",
"title": "Topic"
},
{
"category": "general",
"text": "This release of the Red Hat OpenShift distributed tracing platform (Tempo) provides security improvements and bug fixes.\n\n\nBreaking changes:\n\n* None.\n\n\nDeprecations:\n\n* None.\n\n\nTechnology Preview features:\n\n* None.\n\n\nEnhancements:\n\n* None.\n\n\nBug fixes:\n\n* gRPC-Go authorization bypass vulnerability fix: Previously, gRPC-Go was vulnerable to an authorization bypass attack. This issue occurred because the HTTP/2 :path pseudo-header was not properly validated. Remote attackers could send raw HTTP/2 frames with a malformed :path that omitted the mandatory leading slash to bypass defined security policies. With this update, gRPC-Go properly validates the :path pseudo-header and rejects malformed requests. As a result, attackers can no longer bypass security policies to gain unauthorized access to services or disclose information. For more information, see https://access.redhat.com/security/cve/cve-2026-33186.\n\n* XPath component fix: Previously, the github.com/antchfx/xpath component did not properly handle certain Boolean XPath expressions. A remote attacker could submit a crafted expression that caused an infinite loop, resulting in 100% CPU utilization and a denial-of-service condition. With this update, the XPath component correctly processes Boolean expressions that evaluate to true. The system no longer enters an infinite loop when handling these expressions. For more information, see https://access.redhat.com/security/cve/cve-2026-4645.\n\n* Go JOSE denial-of-service vulnerability fix: Previously, the Go JOSE library for handling JSON Web Encryption (JWE) objects was vulnerable to a denial-of-service (DoS) attack. This issue occurred because the application failed when decrypting a specially crafted JWE object that specified a key wrapping algorithm but contained an empty encrypted key field. With this update, Go JOSE properly validates the encrypted key field before decryption. As a result, the application no longer crashes when processing malformed JWE objects, and the service remains available to legitimate users. For more information, see https://access.redhat.com/security/cve/cve-2026-34986.\n\n* Lodash _.template function fix: Previously, the lodash _.template function validated the variable option but did not validate options.imports key names. Both options passed values to the same code execution path. An attacker with the ability to control options.imports key names or pollute Object.prototype could exploit this gap to execute arbitrary code. With this update, lodash validates options.imports key names by using the same rules applied to the variable option. The _.template function rejects invalid key names and prevents code injection through this path. For more information, see https://access.redhat.com/security/cve/cve-2026-4800.\n\n* Go crypto/x509 and crypto/tls packages fix: Previously, the Go standard library crypto/x509 and crypto/tls packages did not limit the number of intermediate certificates processed during certificate chain building. An attacker could provide an excessive number of intermediate certificates, causing the system to perform an uncontrolled amount of work and resulting in a denial-of-service condition. With this update, the packages limit the number of intermediate certificates accepted during certificate chain validation. The system rejects certificate chains that exceed this limit. For more information, see https://access.redhat.com/security/cve/cve-2026-32280.\n\n* Go Root.Chmod function fix: Previously, the Root.Chmod function in the Go standard library internal/syscall/unix package had a race condition between checking and modifying a target file. An attacker could replace the target with a symbolic link after the check but before the operation completed, causing the permission change to apply to the linked file instead. This allowed an attacker to bypass directory restrictions and change permissions on unintended files. With this update, the Root.Chmod function prevents this race condition. The function no longer follows symbolic links that replace the target during execution. For more information, see https://access.redhat.com/security/cve/cve-2026-32282.\n\n* Go crypto/x509 package fix: Previously, the Go crypto/x509 package applied excluded DNS constraints to wildcard Subject Alternative Names (SANs) in a case-sensitive manner. An attacker could bypass certificate validation by using a different case in the wildcard SAN than the excluded DNS constraint specified. This allowed the system to accept a malicious certificate that should have been rejected. With this update, the package applies DNS constraints case-insensitively when validating wildcard SANs. Certificate chain verification correctly rejects certificates that match excluded DNS constraints regardless of case. For more information, see https://access.redhat.com/security/cve/cve-2026-33810.\n\n* Go crypto/tls component fix: Previously, the Go crypto/tls component did not re-validate certificates against updated certificate authority (CA) settings during TLS session resumption. If CA settings changed between the initial handshake and a resumed session, the component used the original CA settings. An attacker could exploit this to bypass certificate validation and establish a connection that should have been rejected. With this update, the component validates certificates against the current CA settings during session resumption. Resumed sessions that no longer meet CA requirements are rejected. For more information, see https://access.redhat.com/security/cve/cve-2025-68121.\n\n* jsonparser Delete function fix: Previously, the Delete function in the github.com/buger/jsonparser component did not validate offsets when processing malformed JSON input. A remote attacker could provide crafted JSON data that caused a runtime panic, resulting in a denial-of-service condition. With this update, the Delete function validates offsets before processing. The function handles malformed JSON input as expected. For more information, see https://access.redhat.com/security/cve/cve-2026-32285.\n\n* path-to-regexp component fix: Previously, the path-to-regexp component did not limit the complexity of generated regular expressions. A remote attacker could provide input containing multiple sequential optional groups, causing exponential growth in the generated expression and excessive resource consumption. This resulted in a denial-of-service condition. With this update, the component limits regular expression complexity. Input patterns with sequential optional groups no longer cause excessive resource consumption. For more information, see https://access.redhat.com/security/cve/cve-2026-4926.\n\n* Go net/url.Parse function fix: Previously, the Go net/url.Parse function did not properly validate the host component of URLs containing IP-literals. The function ignored invalid characters preceding IP-literals and accepted URLs that should have been rejected. With this update, the function validates the entire host component. URLs with invalid characters before IP-literals are rejected as malformed. For more information, see https://access.redhat.com/security/cve/cve-2026-25679.\n\n* Go crypto/x509 module fix: Previously, the Go crypto/x509 module did not apply all email address constraints when validating certificates. If a certificate contained multiple email constraints with the same local portion but different domain portions, the module only enforced the last constraint and ignored the others. With this update, the module applies all email address constraints during certificate chain validation. Certificates are validated against every specified email constraint. For more information, see https://access.redhat.com/security/cve/cve-2026-27137.\n\n\nKnown issues:\n\n* Gateway fails to forward OTLP HTTP traffic when receiver TLS is enabled. When Tempo Monolithic is configured with `multitenancy.enabled: true` and `ingestion.otlp.http.tls.enabled: true`, the gateway forwards OTLP HTTP traffic to the Tempo receiver using plain HTTP instead of HTTPS. As a consequence, the connection fails with a `connection reset by peer` error because the receiver expects TLS connections. OTLP gRPC ingestion through the gateway is not affected. Jira issue: https://issues.redhat.com/browse/TRACING-5973.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:9385",
"url": "https://access.redhat.com/errata/RHSA-2026:9385"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32282",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32285",
"url": "https://access.redhat.com/security/cve/CVE-2026-32285"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33810",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4645",
"url": "https://access.redhat.com/security/cve/CVE-2026-4645"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4800",
"url": "https://access.redhat.com/security/cve/CVE-2026-4800"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4926",
"url": "https://access.redhat.com/security/cve/CVE-2026-4926"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/distributed_tracing/distributed-tracing-platform-tempo",
"url": "https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/distributed_tracing/distributed-tracing-platform-tempo"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9385.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.9.2 release",
"tracking": {
"current_release_date": "2026-06-28T16:15:11+00:00",
"generator": {
"date": "2026-06-28T16:15:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2026:9385",
"initial_release_date": "2026-04-21T15:08:38+00:00",
"revision_history": [
{
"date": "2026-04-21T15:08:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-21T15:08:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-28T16:15:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift distributed tracing 3.9.3",
"product": {
"name": "Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift distributed tracing"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-operator-bundle@sha256%3Ad180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776674955"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel9@sha256%3A61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776435643"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-jaeger-query-rhel9@sha256%3A0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776435608"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel9@sha256%3A034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776435631"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel9-operator@sha256%3Aa5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776435565"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel9@sha256%3A1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776435613"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel9@sha256%3A9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776435680"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel9@sha256%3Ac939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776435643"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-jaeger-query-rhel9@sha256%3A81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776435608"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel9@sha256%3Aa66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776435631"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel9-operator@sha256%3A0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776435565"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel9@sha256%3A3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776435613"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel9@sha256%3A53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776435680"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel9@sha256%3A9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776435643"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-jaeger-query-rhel9@sha256%3A15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776435608"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel9@sha256%3A9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776435631"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel9-operator@sha256%3A1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776435565"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel9@sha256%3A820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776435613"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel9@sha256%3A55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776435680"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel9@sha256%3A59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776435643"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-jaeger-query-rhel9@sha256%3A63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776435608"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel9@sha256%3Ab68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776435631"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel9-operator@sha256%3Ac7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776435565"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel9@sha256%3Aee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776435613"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel9@sha256%3A0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776435680"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T15:08:38+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-4645",
"discovery_date": "2026-03-23T06:02:52.120840+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x"
]
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `github.com/antchfx/xpath` component. A remote attacker could exploit this vulnerability by submitting crafted Boolean XPath expressions that evaluate to true. This can cause an infinite loop in the `logicalQuery.Select` function, leading to 100% CPU utilization and a Denial of Service (DoS) condition for the affected system.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "A denial of service vulnerability was discovered in `github.com/antchfx/xpath`, with Important severity. Systems processing untrusted XPath expressions are vulnerable to an infinite loop, leading to 100% CPU utilization which would impact normal operations of the system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4645"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4645",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4645"
}
],
"release_date": "2026-03-17T20:58:59+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T15:08:38+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9385"
},
{
"category": "workaround",
"details": "To mitigate this issue, restrict the processing of untrusted or unvalidated XPath expressions by applications which utilize the `github.com/antchfx/xpath` component. Implement input validation and sanitization for all XPath expressions originating from external or untrusted sources. If possible, configure applications to only process XPath expressions from trusted sources or disable features that allow arbitrary XPath expression evaluation.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/antchfx/xpath: xpath: Denial of Service via crafted Boolean XPath expressions"
},
{
"cve": "CVE-2026-4800",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2026-03-31T20:01:21.918257+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453496"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink. Additionally, _.template uses assignInWith to merge imports, which enumerates inherited properties via for..in. If Object.prototype has been polluted by any other vector, the polluted keys are copied into the imports object and passed to Function().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lodash: lodash: Arbitrary code execution via untrusted input in template imports",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In the context of Red Hat Enterprise Linux, the grafana and grafana-pcp packages execute the affected JavaScript entirely client-side within the user\u0027s browser. Consequently, the attack surface is strictly restricted to the local browser environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4800"
},
{
"category": "external",
"summary": "RHBZ#2453496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453496"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4800",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4800",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4800"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm",
"url": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm"
},
{
"category": "external",
"summary": "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c",
"url": "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c"
}
],
"release_date": "2026-03-31T19:25:55.987000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T15:08:38+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "lodash: lodash: Arbitrary code execution via untrusted input in template imports"
},
{
"cve": "CVE-2026-4926",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-03-26T20:03:28.427630+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451867"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in path-to-regexp. A remote attacker could exploit this vulnerability by providing specially crafted input that generates a regular expression with multiple sequential optional groups. This leads to an exponential growth in the generated regular expression, causing a Denial of Service (DoS) due to excessive resource consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in `path-to-regexp` that can lead to a Denial of Service. The vulnerability occurs when specially crafted input containing multiple sequential optional groups is used to generate regular expressions, causing exponential resource consumption.\n\nThe Red Hat Advanced Cluster Security is not affected by this issue since it\u0027s shipping a `path-to-regexp` version which doesn\u0027t contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4926"
},
{
"category": "external",
"summary": "RHBZ#2451867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451867"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4926",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4926"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4926",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4926"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
}
],
"release_date": "2026-03-26T18:59:38+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T15:08:38+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9385"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, limit the use of multiple sequential optional groups in route patterns within applications that use `path-to-regexp`. Additionally, avoid directly passing user-controlled input as route patterns to prevent the generation of maliciously crafted regular expressions.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T15:08:38+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T15:08:38+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T15:08:38+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T15:08:38+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32285",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:54.925687+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451846"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in github.com/buger/jsonparser. The Delete function, when processing malformed JSON input, fails to properly validate offsets. This vulnerability can lead to a negative slice index and a runtime panic, allowing a remote attacker to cause a denial of service (DoS) by providing specially crafted JSON data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32285"
},
{
"category": "external",
"summary": "RHBZ#2451846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32285",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32285"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32285",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32285"
},
{
"category": "external",
"summary": "https://github.com/buger/jsonparser/issues/275",
"url": "https://github.com/buger/jsonparser/issues/275"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4514",
"url": "https://github.com/golang/vulndb/issues/4514"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4514",
"url": "https://pkg.go.dev/vuln/GO-2026-4514"
}
],
"release_date": "2026-03-26T19:40:51.837000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T15:08:38+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T15:08:38+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9385"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-33810",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-08T02:01:09.100830+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "RHBZ#2456335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://go.dev/cl/763763",
"url": "https://go.dev/cl/763763"
},
{
"category": "external",
"summary": "https://go.dev/issue/78332",
"url": "https://go.dev/issue/78332"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4866",
"url": "https://pkg.go.dev/vuln/GO-2026-4866"
}
],
"release_date": "2026-04-08T01:06:56.546000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T15:08:38+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T15:08:38+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:034af4f19268a6ae63aa7f49ca70f0d1c0311fd269a3bdd79f337260c89ac052_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:9012c42fbb769f3e186bb9ade5f5a044a38e0db7336648050def9fb2f0057c9e_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a66154755c86d821035cf83c940401ddc2a8d45b395f3a36d58f5755de621e43_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:b68e6b2f84171b46ba16b1a2e1d4e4624faacc09453cf14ca68e319e9c8b7115_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:59b7e5bd9dfbf299d3fb92747eccc89a0ac546939f0496deb0cbd418b016be30_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:61eacd3b26e3d12166e61a3cabe2137fb074f245ded11e1f745bb74839f077d4_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:9f8e4d6c9e6784baf45513552e8be6487d30d93679043519958b6cc47255b613_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:c939c718084a9f1cff2bb56f932398c58ee3968834ff31ce85c4d356423b6545_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:0205c0565948891a128ed9b6d639582b20cc50123ad22a8cbbf414d4843f2fe8_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:15db63cb743ea84e1acc3d668543233b4bd566c73dc0f033ae8b43390f324764_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:63a9b773e467978769c428a538c8d75c28bfe52e069ac17d269fb7b3c5ad7f54_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:81a49b0518d578de0f8fafdb50cc844e1f6dbf1241d7a10856b8ae810fd873af_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:d180bac53d873bba131cedd40db06cd784d8dc4795d9bff85a6b33921cc1dd9c_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:1c4fa975d38a317a307967887524df0c7c3117a91452730978de55a70b41153b_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:3afa5f0d4f74e4d74a74ae9f2ed1c9cdd817473f3ae074de269af9625b77643d_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:820a6bdb3262f1350e06af22121ba6d454908ac6747fa64d768226e6ff77d982_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:ee7da439cd21c32b1bc419de7e6d00b13d755a7b360dfea2ff882f9b1a25aa9d_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0a70a38b8b349197a0bd807e226803976c23fda03683f3d63b0687b9bd45d540_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:1dec0c1cd978d3f260d99133ac942a88e255708197f5ded6594db00082357d33_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:a5befd5575eebc08f0c6ec8b928f8b5c286ebb3d2dfcdbcb0cdd696b54335299_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:c7ae36b9d4c9bfb0750bdb7e9d7b897940ab5149eb670b44c1fe9b1ca7688910_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:0925a2af960b4714614d3f73a14b7a2a04de655cfcedbdd843c06ea5872d1987_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:53621f808c45a6c8aec0d2df240106a41b1f48c59bb3db648d3d20bb03cb92cf_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:55635b179e701a58643a4ffc148d75ed2d1e82a383783812484e3da9b7bedaf4_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:9a0a8a33df8e58e391d28fae62e06378c4f3c26e4d81532d38728632698f637c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
}
]
}
RHSA-2026:9434
Vulnerability from csaf_redhat - Published: 2026-04-21 17:19 - Updated: 2026-06-27 19:45Summary
Red Hat Security Advisory: git-lfs security update
Severity
Important
Notes
Topic: An update for git-lfs is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.
Security Fix(es):
* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for git-lfs is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.\n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:9434",
"url": "https://access.redhat.com/errata/RHSA-2026:9434"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9434.json"
}
],
"title": "Red Hat Security Advisory: git-lfs security update",
"tracking": {
"current_release_date": "2026-06-27T19:45:22+00:00",
"generator": {
"date": "2026-06-27T19:45:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2026:9434",
"initial_release_date": "2026-04-21T17:19:55+00:00",
"revision_history": [
{
"date": "2026-04-21T17:19:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-21T17:19:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-27T19:45:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.2.0-2.el9_2.6.src",
"product": {
"name": "git-lfs-0:3.2.0-2.el9_2.6.src",
"product_id": "git-lfs-0:3.2.0-2.el9_2.6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.2.0-2.el9_2.6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.2.0-2.el9_2.6.aarch64",
"product": {
"name": "git-lfs-0:3.2.0-2.el9_2.6.aarch64",
"product_id": "git-lfs-0:3.2.0-2.el9_2.6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.2.0-2.el9_2.6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.aarch64",
"product": {
"name": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.aarch64",
"product_id": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.2.0-2.el9_2.6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.aarch64",
"product": {
"name": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.aarch64",
"product_id": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.2.0-2.el9_2.6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.2.0-2.el9_2.6.ppc64le",
"product": {
"name": "git-lfs-0:3.2.0-2.el9_2.6.ppc64le",
"product_id": "git-lfs-0:3.2.0-2.el9_2.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.2.0-2.el9_2.6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.ppc64le",
"product": {
"name": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.ppc64le",
"product_id": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.2.0-2.el9_2.6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.ppc64le",
"product": {
"name": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.ppc64le",
"product_id": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.2.0-2.el9_2.6?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.2.0-2.el9_2.6.x86_64",
"product": {
"name": "git-lfs-0:3.2.0-2.el9_2.6.x86_64",
"product_id": "git-lfs-0:3.2.0-2.el9_2.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.2.0-2.el9_2.6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.x86_64",
"product": {
"name": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.x86_64",
"product_id": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.2.0-2.el9_2.6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.x86_64",
"product": {
"name": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.x86_64",
"product_id": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.2.0-2.el9_2.6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.2.0-2.el9_2.6.s390x",
"product": {
"name": "git-lfs-0:3.2.0-2.el9_2.6.s390x",
"product_id": "git-lfs-0:3.2.0-2.el9_2.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.2.0-2.el9_2.6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.s390x",
"product": {
"name": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.s390x",
"product_id": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.2.0-2.el9_2.6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.s390x",
"product": {
"name": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.s390x",
"product_id": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.2.0-2.el9_2.6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.2.0-2.el9_2.6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.aarch64"
},
"product_reference": "git-lfs-0:3.2.0-2.el9_2.6.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.2.0-2.el9_2.6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.ppc64le"
},
"product_reference": "git-lfs-0:3.2.0-2.el9_2.6.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.2.0-2.el9_2.6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.s390x"
},
"product_reference": "git-lfs-0:3.2.0-2.el9_2.6.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.2.0-2.el9_2.6.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.src"
},
"product_reference": "git-lfs-0:3.2.0-2.el9_2.6.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.2.0-2.el9_2.6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.x86_64"
},
"product_reference": "git-lfs-0:3.2.0-2.el9_2.6.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.aarch64"
},
"product_reference": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.ppc64le"
},
"product_reference": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.s390x"
},
"product_reference": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.x86_64"
},
"product_reference": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.aarch64"
},
"product_reference": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.ppc64le"
},
"product_reference": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.s390x"
},
"product_reference": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.x86_64"
},
"product_reference": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.aarch64",
"AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.ppc64le",
"AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.s390x",
"AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.src",
"AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.x86_64",
"AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.aarch64",
"AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.ppc64le",
"AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.s390x",
"AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.x86_64",
"AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.aarch64",
"AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.ppc64le",
"AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.s390x",
"AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:19:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.aarch64",
"AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.ppc64le",
"AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.s390x",
"AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.src",
"AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.x86_64",
"AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.aarch64",
"AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.ppc64le",
"AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.s390x",
"AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.x86_64",
"AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.aarch64",
"AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.ppc64le",
"AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.s390x",
"AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9434"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.aarch64",
"AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.ppc64le",
"AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.s390x",
"AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.src",
"AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.x86_64",
"AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.aarch64",
"AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.ppc64le",
"AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.s390x",
"AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.x86_64",
"AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.aarch64",
"AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.ppc64le",
"AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.s390x",
"AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.aarch64",
"AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.ppc64le",
"AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.s390x",
"AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.src",
"AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.x86_64",
"AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.aarch64",
"AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.ppc64le",
"AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.s390x",
"AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.x86_64",
"AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.aarch64",
"AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.ppc64le",
"AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.s390x",
"AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
}
]
}
RHSA-2026:9435
Vulnerability from csaf_redhat - Published: 2026-04-21 17:12 - Updated: 2026-06-27 19:45Summary
Red Hat Security Advisory: git-lfs security update
Severity
Important
Notes
Topic: An update for git-lfs is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.
Security Fix(es):
* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for git-lfs is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.\n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:9435",
"url": "https://access.redhat.com/errata/RHSA-2026:9435"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9435.json"
}
],
"title": "Red Hat Security Advisory: git-lfs security update",
"tracking": {
"current_release_date": "2026-06-27T19:45:23+00:00",
"generator": {
"date": "2026-06-27T19:45:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2026:9435",
"initial_release_date": "2026-04-21T17:12:00+00:00",
"revision_history": [
{
"date": "2026-04-21T17:12:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-21T17:12:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-27T19:45:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.6.1-2.el10_0.3.src",
"product": {
"name": "git-lfs-0:3.6.1-2.el10_0.3.src",
"product_id": "git-lfs-0:3.6.1-2.el10_0.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.6.1-2.el10_0.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.6.1-2.el10_0.3.aarch64",
"product": {
"name": "git-lfs-0:3.6.1-2.el10_0.3.aarch64",
"product_id": "git-lfs-0:3.6.1-2.el10_0.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.6.1-2.el10_0.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.aarch64",
"product": {
"name": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.aarch64",
"product_id": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.6.1-2.el10_0.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.aarch64",
"product": {
"name": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.aarch64",
"product_id": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.6.1-2.el10_0.3?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.6.1-2.el10_0.3.ppc64le",
"product": {
"name": "git-lfs-0:3.6.1-2.el10_0.3.ppc64le",
"product_id": "git-lfs-0:3.6.1-2.el10_0.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.6.1-2.el10_0.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.ppc64le",
"product": {
"name": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.ppc64le",
"product_id": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.6.1-2.el10_0.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.ppc64le",
"product": {
"name": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.ppc64le",
"product_id": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.6.1-2.el10_0.3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.6.1-2.el10_0.3.s390x",
"product": {
"name": "git-lfs-0:3.6.1-2.el10_0.3.s390x",
"product_id": "git-lfs-0:3.6.1-2.el10_0.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.6.1-2.el10_0.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.s390x",
"product": {
"name": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.s390x",
"product_id": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.6.1-2.el10_0.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.s390x",
"product": {
"name": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.s390x",
"product_id": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.6.1-2.el10_0.3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.6.1-2.el10_0.3.x86_64",
"product": {
"name": "git-lfs-0:3.6.1-2.el10_0.3.x86_64",
"product_id": "git-lfs-0:3.6.1-2.el10_0.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.6.1-2.el10_0.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.x86_64",
"product": {
"name": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.x86_64",
"product_id": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.6.1-2.el10_0.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.x86_64",
"product": {
"name": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.x86_64",
"product_id": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.6.1-2.el10_0.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.6.1-2.el10_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.aarch64"
},
"product_reference": "git-lfs-0:3.6.1-2.el10_0.3.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.6.1-2.el10_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.ppc64le"
},
"product_reference": "git-lfs-0:3.6.1-2.el10_0.3.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.6.1-2.el10_0.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.s390x"
},
"product_reference": "git-lfs-0:3.6.1-2.el10_0.3.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.6.1-2.el10_0.3.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.src"
},
"product_reference": "git-lfs-0:3.6.1-2.el10_0.3.src",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.6.1-2.el10_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.x86_64"
},
"product_reference": "git-lfs-0:3.6.1-2.el10_0.3.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.aarch64"
},
"product_reference": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.ppc64le"
},
"product_reference": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.s390x"
},
"product_reference": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.x86_64"
},
"product_reference": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.aarch64"
},
"product_reference": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.ppc64le"
},
"product_reference": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.s390x"
},
"product_reference": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.x86_64"
},
"product_reference": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.aarch64",
"AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.ppc64le",
"AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.s390x",
"AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.src",
"AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.x86_64",
"AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.aarch64",
"AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.ppc64le",
"AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.s390x",
"AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.x86_64",
"AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.aarch64",
"AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.ppc64le",
"AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.s390x",
"AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:12:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.aarch64",
"AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.ppc64le",
"AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.s390x",
"AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.src",
"AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.x86_64",
"AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.aarch64",
"AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.ppc64le",
"AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.s390x",
"AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.x86_64",
"AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.aarch64",
"AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.ppc64le",
"AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.s390x",
"AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9435"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.aarch64",
"AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.ppc64le",
"AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.s390x",
"AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.src",
"AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.x86_64",
"AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.aarch64",
"AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.ppc64le",
"AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.s390x",
"AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.x86_64",
"AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.aarch64",
"AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.ppc64le",
"AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.s390x",
"AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.aarch64",
"AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.ppc64le",
"AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.s390x",
"AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.src",
"AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.x86_64",
"AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.aarch64",
"AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.ppc64le",
"AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.s390x",
"AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.x86_64",
"AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.aarch64",
"AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.ppc64le",
"AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.s390x",
"AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
}
]
}
RHSA-2026:9436
Vulnerability from csaf_redhat - Published: 2026-04-21 17:09 - Updated: 2026-06-27 18:14Summary
Red Hat Security Advisory: git-lfs security update
Severity
Important
Notes
Topic: An update for git-lfs is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.
Security Fix(es):
* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for git-lfs is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.\n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:9436",
"url": "https://access.redhat.com/errata/RHSA-2026:9436"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9436.json"
}
],
"title": "Red Hat Security Advisory: git-lfs security update",
"tracking": {
"current_release_date": "2026-06-27T18:14:08+00:00",
"generator": {
"date": "2026-06-27T18:14:08+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2026:9436",
"initial_release_date": "2026-04-21T17:09:01+00:00",
"revision_history": [
{
"date": "2026-04-21T17:09:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-21T17:09:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-27T18:14:08+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:2.13.3-5.el9_0.7.src",
"product": {
"name": "git-lfs-0:2.13.3-5.el9_0.7.src",
"product_id": "git-lfs-0:2.13.3-5.el9_0.7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@2.13.3-5.el9_0.7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:2.13.3-5.el9_0.7.aarch64",
"product": {
"name": "git-lfs-0:2.13.3-5.el9_0.7.aarch64",
"product_id": "git-lfs-0:2.13.3-5.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@2.13.3-5.el9_0.7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.aarch64",
"product": {
"name": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.aarch64",
"product_id": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@2.13.3-5.el9_0.7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.aarch64",
"product": {
"name": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.aarch64",
"product_id": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@2.13.3-5.el9_0.7?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:2.13.3-5.el9_0.7.ppc64le",
"product": {
"name": "git-lfs-0:2.13.3-5.el9_0.7.ppc64le",
"product_id": "git-lfs-0:2.13.3-5.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@2.13.3-5.el9_0.7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.ppc64le",
"product": {
"name": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.ppc64le",
"product_id": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@2.13.3-5.el9_0.7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.ppc64le",
"product": {
"name": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.ppc64le",
"product_id": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@2.13.3-5.el9_0.7?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:2.13.3-5.el9_0.7.x86_64",
"product": {
"name": "git-lfs-0:2.13.3-5.el9_0.7.x86_64",
"product_id": "git-lfs-0:2.13.3-5.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@2.13.3-5.el9_0.7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.x86_64",
"product": {
"name": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.x86_64",
"product_id": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@2.13.3-5.el9_0.7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.x86_64",
"product": {
"name": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.x86_64",
"product_id": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@2.13.3-5.el9_0.7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:2.13.3-5.el9_0.7.s390x",
"product": {
"name": "git-lfs-0:2.13.3-5.el9_0.7.s390x",
"product_id": "git-lfs-0:2.13.3-5.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@2.13.3-5.el9_0.7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.s390x",
"product": {
"name": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.s390x",
"product_id": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@2.13.3-5.el9_0.7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.s390x",
"product": {
"name": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.s390x",
"product_id": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@2.13.3-5.el9_0.7?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:2.13.3-5.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.aarch64"
},
"product_reference": "git-lfs-0:2.13.3-5.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:2.13.3-5.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.ppc64le"
},
"product_reference": "git-lfs-0:2.13.3-5.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:2.13.3-5.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.s390x"
},
"product_reference": "git-lfs-0:2.13.3-5.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:2.13.3-5.el9_0.7.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.src"
},
"product_reference": "git-lfs-0:2.13.3-5.el9_0.7.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:2.13.3-5.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.x86_64"
},
"product_reference": "git-lfs-0:2.13.3-5.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.aarch64"
},
"product_reference": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.ppc64le"
},
"product_reference": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.s390x"
},
"product_reference": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.x86_64"
},
"product_reference": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.aarch64"
},
"product_reference": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.ppc64le"
},
"product_reference": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.s390x"
},
"product_reference": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.x86_64"
},
"product_reference": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:09:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9436"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
}
]
}
RHSA-2026:9439
Vulnerability from csaf_redhat - Published: 2026-04-21 17:53 - Updated: 2026-06-27 19:45Summary
Red Hat Security Advisory: git-lfs security update
Severity
Important
Notes
Topic: An update for git-lfs is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.
Security Fix(es):
* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for git-lfs is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.\n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:9439",
"url": "https://access.redhat.com/errata/RHSA-2026:9439"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9439.json"
}
],
"title": "Red Hat Security Advisory: git-lfs security update",
"tracking": {
"current_release_date": "2026-06-27T19:45:23+00:00",
"generator": {
"date": "2026-06-27T19:45:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2026:9439",
"initial_release_date": "2026-04-21T17:53:20+00:00",
"revision_history": [
{
"date": "2026-04-21T17:53:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-21T17:53:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-27T19:45:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.6.1-2.el9_6.3.src",
"product": {
"name": "git-lfs-0:3.6.1-2.el9_6.3.src",
"product_id": "git-lfs-0:3.6.1-2.el9_6.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.6.1-2.el9_6.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.6.1-2.el9_6.3.aarch64",
"product": {
"name": "git-lfs-0:3.6.1-2.el9_6.3.aarch64",
"product_id": "git-lfs-0:3.6.1-2.el9_6.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.6.1-2.el9_6.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.aarch64",
"product": {
"name": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.aarch64",
"product_id": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.6.1-2.el9_6.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.aarch64",
"product": {
"name": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.aarch64",
"product_id": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.6.1-2.el9_6.3?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.6.1-2.el9_6.3.ppc64le",
"product": {
"name": "git-lfs-0:3.6.1-2.el9_6.3.ppc64le",
"product_id": "git-lfs-0:3.6.1-2.el9_6.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.6.1-2.el9_6.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.ppc64le",
"product": {
"name": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.ppc64le",
"product_id": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.6.1-2.el9_6.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.ppc64le",
"product": {
"name": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.ppc64le",
"product_id": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.6.1-2.el9_6.3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.6.1-2.el9_6.3.x86_64",
"product": {
"name": "git-lfs-0:3.6.1-2.el9_6.3.x86_64",
"product_id": "git-lfs-0:3.6.1-2.el9_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.6.1-2.el9_6.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.x86_64",
"product": {
"name": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.x86_64",
"product_id": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.6.1-2.el9_6.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.x86_64",
"product": {
"name": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.x86_64",
"product_id": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.6.1-2.el9_6.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.6.1-2.el9_6.3.s390x",
"product": {
"name": "git-lfs-0:3.6.1-2.el9_6.3.s390x",
"product_id": "git-lfs-0:3.6.1-2.el9_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.6.1-2.el9_6.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.s390x",
"product": {
"name": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.s390x",
"product_id": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.6.1-2.el9_6.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.s390x",
"product": {
"name": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.s390x",
"product_id": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.6.1-2.el9_6.3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.6.1-2.el9_6.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.aarch64"
},
"product_reference": "git-lfs-0:3.6.1-2.el9_6.3.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.6.1-2.el9_6.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.ppc64le"
},
"product_reference": "git-lfs-0:3.6.1-2.el9_6.3.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.6.1-2.el9_6.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.s390x"
},
"product_reference": "git-lfs-0:3.6.1-2.el9_6.3.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.6.1-2.el9_6.3.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.src"
},
"product_reference": "git-lfs-0:3.6.1-2.el9_6.3.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.6.1-2.el9_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.x86_64"
},
"product_reference": "git-lfs-0:3.6.1-2.el9_6.3.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.aarch64"
},
"product_reference": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.ppc64le"
},
"product_reference": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.s390x"
},
"product_reference": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.x86_64"
},
"product_reference": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.aarch64"
},
"product_reference": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.ppc64le"
},
"product_reference": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.s390x"
},
"product_reference": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.x86_64"
},
"product_reference": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.src",
"AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:53:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.src",
"AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9439"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.src",
"AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.src",
"AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
}
]
}
RHSA-2026:9440
Vulnerability from csaf_redhat - Published: 2026-04-21 17:12 - Updated: 2026-06-28 16:15Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.0.10
Severity
Important
Notes
Topic: Red Hat OpenShift Service Mesh 3.0.10
This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Service Mesh 3.0.10, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.
Fixes/Improvements:
Security Fix(es):
* istio-rhel9-operator: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
* istio-cni-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
* istio-pilot-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
* istio-proxyv2-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
* istio-proxyv2-rhel9: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation (CVE-2026-33186)
* istio-proxyv2-rhel9: BuildKit: Arbitrary file write and code execution via untrusted frontend (CVE-2026-33747)
* istio-proxyv2-rhel9: BuildKit: Unauthorized file access via Git URL fragment subdir components (CVE-2026-33748)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1fd5ff140d8d559cfd3c5ba85036579e0e72fa4ce7125e16c1ea24d70e94ff86_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:46e186d49081b64a4291e49e5f2acd77184699b66cdc08acdbb7e82c259b2b74_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86787f164505d6ef3917997ad7a424d65da313fe50f0f952f13f55ce9d798b99_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bf1d68837cdb05f9c95e3c42692cc9e83fd4a0c5ac3dc7da3ffae49626502a9c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:66d3a47929e31772f8cde153eb0523fb0f1696547ab2dbe98b30a453306b8adc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b00869deda7269236cb315b95c8abf4930b97995dcac9212a99b561251a401a9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b383628612ef6aff4328bd880b2400fd4011b53a1429a2ffacfc4d15f515d634_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e86ddb9ffc3b50dc508f5eae310bcf1e7c994e7dbe3d538baebc1dc41316722d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3113f8ef93a2abecad7ad6bd44d800c9c2735888b93f7a9b713ee93669fc3802_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5f9b2a458158fbf02a611d8d2822c6425d186ce4cd73c091a097a3c0218f18ff_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2650c47f50206054063e8a62a8073d29a29808b21c2ab3d9964bd70995ff6eb_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e33cee7e3c778713dd44e3109609155061de98b83fbb91a89182179163ec05d4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:5931cffa333330d80fa57431080621e8f39cdb9257201fad7d56da31b01c569f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:aea2066308c02465b7d1edc6afd52d3b6c37a92d1ca38e929a7354be2bb36493_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:b4339c9932dc7d84ce95f6b84a70f428f5f8da03e607f19602da5f83b6cacf1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d37b966d871535c9277cda4c8aef1d9306b4f47f38043718ab4f13ccebbebc6b_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:3c8a43dac72fcb80665579849150ce601046fbcf6c2306583b0490605115ac0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:693b5c635be68ad83f43140b36603d99a20c879bf345d12a44890b45bcd07b01_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:734219183920ce01e754291dd7611715a69a9403f9633b3400755786fcc275cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:8cbf69617323c8c5a34eb52591608ec28f43de129ed6140baf3f9a9a7fa483f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a6694107707703209034473f159ab1f7e22106c7d1e1d722f373627dd9d7c47_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5faebff2c06c92bbff9453f577c9b6c259e5365fb4f452f630c592e7a06673a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8bec8dff7483dcb749deca1d7df6042b94d2a84abed4cf82e69230a8c28c59ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9fa72261b4c4a178430ab10cecb79e1c9599740c3fc06192014245b1db1edffc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:c09e38353c9125431890b9cbd0be760b8b6c3d1faf6bb515e20c2c414dd70f2d_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3113f8ef93a2abecad7ad6bd44d800c9c2735888b93f7a9b713ee93669fc3802_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5f9b2a458158fbf02a611d8d2822c6425d186ce4cd73c091a097a3c0218f18ff_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2650c47f50206054063e8a62a8073d29a29808b21c2ab3d9964bd70995ff6eb_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e33cee7e3c778713dd44e3109609155061de98b83fbb91a89182179163ec05d4_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:3c8a43dac72fcb80665579849150ce601046fbcf6c2306583b0490605115ac0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:693b5c635be68ad83f43140b36603d99a20c879bf345d12a44890b45bcd07b01_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:734219183920ce01e754291dd7611715a69a9403f9633b3400755786fcc275cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:8cbf69617323c8c5a34eb52591608ec28f43de129ed6140baf3f9a9a7fa483f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1fd5ff140d8d559cfd3c5ba85036579e0e72fa4ce7125e16c1ea24d70e94ff86_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:46e186d49081b64a4291e49e5f2acd77184699b66cdc08acdbb7e82c259b2b74_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86787f164505d6ef3917997ad7a424d65da313fe50f0f952f13f55ce9d798b99_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bf1d68837cdb05f9c95e3c42692cc9e83fd4a0c5ac3dc7da3ffae49626502a9c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a6694107707703209034473f159ab1f7e22106c7d1e1d722f373627dd9d7c47_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5faebff2c06c92bbff9453f577c9b6c259e5365fb4f452f630c592e7a06673a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8bec8dff7483dcb749deca1d7df6042b94d2a84abed4cf82e69230a8c28c59ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9fa72261b4c4a178430ab10cecb79e1c9599740c3fc06192014245b1db1edffc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:66d3a47929e31772f8cde153eb0523fb0f1696547ab2dbe98b30a453306b8adc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b00869deda7269236cb315b95c8abf4930b97995dcac9212a99b561251a401a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b383628612ef6aff4328bd880b2400fd4011b53a1429a2ffacfc4d15f515d634_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e86ddb9ffc3b50dc508f5eae310bcf1e7c994e7dbe3d538baebc1dc41316722d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:5931cffa333330d80fa57431080621e8f39cdb9257201fad7d56da31b01c569f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:aea2066308c02465b7d1edc6afd52d3b6c37a92d1ca38e929a7354be2bb36493_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:b4339c9932dc7d84ce95f6b84a70f428f5f8da03e607f19602da5f83b6cacf1b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d37b966d871535c9277cda4c8aef1d9306b4f47f38043718ab4f13ccebbebc6b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:c09e38353c9125431890b9cbd0be760b8b6c3d1faf6bb515e20c2c414dd70f2d_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in BuildKit, a toolkit for converting source code to build artifacts. An untrusted BuildKit frontend can be leveraged to craft a malicious API message, allowing files to be written outside of the designated BuildKit state directory. This vulnerability, which is a form of arbitrary file write, could enable an attacker to execute unauthorized code or escalate their privileges on the system. This issue arises when custom BuildKit frontends are used with specific configuration options.
8.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3113f8ef93a2abecad7ad6bd44d800c9c2735888b93f7a9b713ee93669fc3802_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5f9b2a458158fbf02a611d8d2822c6425d186ce4cd73c091a097a3c0218f18ff_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2650c47f50206054063e8a62a8073d29a29808b21c2ab3d9964bd70995ff6eb_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e33cee7e3c778713dd44e3109609155061de98b83fbb91a89182179163ec05d4_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:3c8a43dac72fcb80665579849150ce601046fbcf6c2306583b0490605115ac0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:693b5c635be68ad83f43140b36603d99a20c879bf345d12a44890b45bcd07b01_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:734219183920ce01e754291dd7611715a69a9403f9633b3400755786fcc275cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:8cbf69617323c8c5a34eb52591608ec28f43de129ed6140baf3f9a9a7fa483f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1fd5ff140d8d559cfd3c5ba85036579e0e72fa4ce7125e16c1ea24d70e94ff86_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:46e186d49081b64a4291e49e5f2acd77184699b66cdc08acdbb7e82c259b2b74_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86787f164505d6ef3917997ad7a424d65da313fe50f0f952f13f55ce9d798b99_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bf1d68837cdb05f9c95e3c42692cc9e83fd4a0c5ac3dc7da3ffae49626502a9c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a6694107707703209034473f159ab1f7e22106c7d1e1d722f373627dd9d7c47_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5faebff2c06c92bbff9453f577c9b6c259e5365fb4f452f630c592e7a06673a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8bec8dff7483dcb749deca1d7df6042b94d2a84abed4cf82e69230a8c28c59ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9fa72261b4c4a178430ab10cecb79e1c9599740c3fc06192014245b1db1edffc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:66d3a47929e31772f8cde153eb0523fb0f1696547ab2dbe98b30a453306b8adc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b00869deda7269236cb315b95c8abf4930b97995dcac9212a99b561251a401a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b383628612ef6aff4328bd880b2400fd4011b53a1429a2ffacfc4d15f515d634_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e86ddb9ffc3b50dc508f5eae310bcf1e7c994e7dbe3d538baebc1dc41316722d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:5931cffa333330d80fa57431080621e8f39cdb9257201fad7d56da31b01c569f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:aea2066308c02465b7d1edc6afd52d3b6c37a92d1ca38e929a7354be2bb36493_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:b4339c9932dc7d84ce95f6b84a70f428f5f8da03e607f19602da5f83b6cacf1b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d37b966d871535c9277cda4c8aef1d9306b4f47f38043718ab4f13ccebbebc6b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:c09e38353c9125431890b9cbd0be760b8b6c3d1faf6bb515e20c2c414dd70f2d_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in BuildKit. Insufficient validation of Git URL fragment subdirectory components may allow a remote attacker to access files outside the checked-out Git repository root. This access is limited to files on the same mounted filesystem. This vulnerability could lead to unauthorized information disclosure.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3113f8ef93a2abecad7ad6bd44d800c9c2735888b93f7a9b713ee93669fc3802_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5f9b2a458158fbf02a611d8d2822c6425d186ce4cd73c091a097a3c0218f18ff_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2650c47f50206054063e8a62a8073d29a29808b21c2ab3d9964bd70995ff6eb_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e33cee7e3c778713dd44e3109609155061de98b83fbb91a89182179163ec05d4_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:3c8a43dac72fcb80665579849150ce601046fbcf6c2306583b0490605115ac0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:693b5c635be68ad83f43140b36603d99a20c879bf345d12a44890b45bcd07b01_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:734219183920ce01e754291dd7611715a69a9403f9633b3400755786fcc275cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:8cbf69617323c8c5a34eb52591608ec28f43de129ed6140baf3f9a9a7fa483f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1fd5ff140d8d559cfd3c5ba85036579e0e72fa4ce7125e16c1ea24d70e94ff86_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:46e186d49081b64a4291e49e5f2acd77184699b66cdc08acdbb7e82c259b2b74_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86787f164505d6ef3917997ad7a424d65da313fe50f0f952f13f55ce9d798b99_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bf1d68837cdb05f9c95e3c42692cc9e83fd4a0c5ac3dc7da3ffae49626502a9c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a6694107707703209034473f159ab1f7e22106c7d1e1d722f373627dd9d7c47_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5faebff2c06c92bbff9453f577c9b6c259e5365fb4f452f630c592e7a06673a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8bec8dff7483dcb749deca1d7df6042b94d2a84abed4cf82e69230a8c28c59ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9fa72261b4c4a178430ab10cecb79e1c9599740c3fc06192014245b1db1edffc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:66d3a47929e31772f8cde153eb0523fb0f1696547ab2dbe98b30a453306b8adc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b00869deda7269236cb315b95c8abf4930b97995dcac9212a99b561251a401a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b383628612ef6aff4328bd880b2400fd4011b53a1429a2ffacfc4d15f515d634_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e86ddb9ffc3b50dc508f5eae310bcf1e7c994e7dbe3d538baebc1dc41316722d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:5931cffa333330d80fa57431080621e8f39cdb9257201fad7d56da31b01c569f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:aea2066308c02465b7d1edc6afd52d3b6c37a92d1ca38e929a7354be2bb36493_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:b4339c9932dc7d84ce95f6b84a70f428f5f8da03e607f19602da5f83b6cacf1b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d37b966d871535c9277cda4c8aef1d9306b4f47f38043718ab4f13ccebbebc6b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:c09e38353c9125431890b9cbd0be760b8b6c3d1faf6bb515e20c2c414dd70f2d_amd64 | — |
Workaround
|
Threats
Impact
Moderate
References
37 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.0.10\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.0.10, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nFixes/Improvements:\n\nSecurity Fix(es):\n\n* istio-rhel9-operator: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* istio-cni-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* istio-pilot-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* istio-proxyv2-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* istio-proxyv2-rhel9: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation (CVE-2026-33186)\n\n* istio-proxyv2-rhel9: BuildKit: Arbitrary file write and code execution via untrusted frontend (CVE-2026-33747)\n\n* istio-proxyv2-rhel9: BuildKit: Unauthorized file access via Git URL fragment subdir components (CVE-2026-33748)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:9440",
"url": "https://access.redhat.com/errata/RHSA-2026:9440"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33747",
"url": "https://access.redhat.com/security/cve/CVE-2026-33747"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33748",
"url": "https://access.redhat.com/security/cve/CVE-2026-33748"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-25679",
"url": "https://access.redhat.com/security/cve/cve-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-33186",
"url": "https://access.redhat.com/security/cve/cve-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-33747",
"url": "https://access.redhat.com/security/cve/cve-2026-33747"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-33748",
"url": "https://access.redhat.com/security/cve/cve-2026-33748"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9440.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.0.10",
"tracking": {
"current_release_date": "2026-06-28T16:15:11+00:00",
"generator": {
"date": "2026-06-28T16:15:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2026:9440",
"initial_release_date": "2026-04-21T17:12:20+00:00",
"revision_history": [
{
"date": "2026-04-21T17:12:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-21T17:12:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-28T16:15:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.0",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:c09e38353c9125431890b9cbd0be760b8b6c3d1faf6bb515e20c2c414dd70f2d_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:c09e38353c9125431890b9cbd0be760b8b6c3d1faf6bb515e20c2c414dd70f2d_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:c09e38353c9125431890b9cbd0be760b8b6c3d1faf6bb515e20c2c414dd70f2d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3Ac09e38353c9125431890b9cbd0be760b8b6c3d1faf6bb515e20c2c414dd70f2d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776442219"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bf1d68837cdb05f9c95e3c42692cc9e83fd4a0c5ac3dc7da3ffae49626502a9c_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bf1d68837cdb05f9c95e3c42692cc9e83fd4a0c5ac3dc7da3ffae49626502a9c_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bf1d68837cdb05f9c95e3c42692cc9e83fd4a0c5ac3dc7da3ffae49626502a9c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Abf1d68837cdb05f9c95e3c42692cc9e83fd4a0c5ac3dc7da3ffae49626502a9c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776181080"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8bec8dff7483dcb749deca1d7df6042b94d2a84abed4cf82e69230a8c28c59ca_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8bec8dff7483dcb749deca1d7df6042b94d2a84abed4cf82e69230a8c28c59ca_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8bec8dff7483dcb749deca1d7df6042b94d2a84abed4cf82e69230a8c28c59ca_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A8bec8dff7483dcb749deca1d7df6042b94d2a84abed4cf82e69230a8c28c59ca?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776181079"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:5931cffa333330d80fa57431080621e8f39cdb9257201fad7d56da31b01c569f_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:5931cffa333330d80fa57431080621e8f39cdb9257201fad7d56da31b01c569f_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:5931cffa333330d80fa57431080621e8f39cdb9257201fad7d56da31b01c569f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A5931cffa333330d80fa57431080621e8f39cdb9257201fad7d56da31b01c569f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776180733"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b00869deda7269236cb315b95c8abf4930b97995dcac9212a99b561251a401a9_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b00869deda7269236cb315b95c8abf4930b97995dcac9212a99b561251a401a9_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b00869deda7269236cb315b95c8abf4930b97995dcac9212a99b561251a401a9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Ab00869deda7269236cb315b95c8abf4930b97995dcac9212a99b561251a401a9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776181166"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3113f8ef93a2abecad7ad6bd44d800c9c2735888b93f7a9b713ee93669fc3802_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3113f8ef93a2abecad7ad6bd44d800c9c2735888b93f7a9b713ee93669fc3802_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3113f8ef93a2abecad7ad6bd44d800c9c2735888b93f7a9b713ee93669fc3802_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A3113f8ef93a2abecad7ad6bd44d800c9c2735888b93f7a9b713ee93669fc3802?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776240392"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:8cbf69617323c8c5a34eb52591608ec28f43de129ed6140baf3f9a9a7fa483f8_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:8cbf69617323c8c5a34eb52591608ec28f43de129ed6140baf3f9a9a7fa483f8_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:8cbf69617323c8c5a34eb52591608ec28f43de129ed6140baf3f9a9a7fa483f8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A8cbf69617323c8c5a34eb52591608ec28f43de129ed6140baf3f9a9a7fa483f8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta\u0026tag=1776181708"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:46e186d49081b64a4291e49e5f2acd77184699b66cdc08acdbb7e82c259b2b74_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:46e186d49081b64a4291e49e5f2acd77184699b66cdc08acdbb7e82c259b2b74_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:46e186d49081b64a4291e49e5f2acd77184699b66cdc08acdbb7e82c259b2b74_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A46e186d49081b64a4291e49e5f2acd77184699b66cdc08acdbb7e82c259b2b74?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776181080"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a6694107707703209034473f159ab1f7e22106c7d1e1d722f373627dd9d7c47_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a6694107707703209034473f159ab1f7e22106c7d1e1d722f373627dd9d7c47_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a6694107707703209034473f159ab1f7e22106c7d1e1d722f373627dd9d7c47_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A2a6694107707703209034473f159ab1f7e22106c7d1e1d722f373627dd9d7c47?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776181079"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:b4339c9932dc7d84ce95f6b84a70f428f5f8da03e607f19602da5f83b6cacf1b_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:b4339c9932dc7d84ce95f6b84a70f428f5f8da03e607f19602da5f83b6cacf1b_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:b4339c9932dc7d84ce95f6b84a70f428f5f8da03e607f19602da5f83b6cacf1b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Ab4339c9932dc7d84ce95f6b84a70f428f5f8da03e607f19602da5f83b6cacf1b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776180733"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:66d3a47929e31772f8cde153eb0523fb0f1696547ab2dbe98b30a453306b8adc_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:66d3a47929e31772f8cde153eb0523fb0f1696547ab2dbe98b30a453306b8adc_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:66d3a47929e31772f8cde153eb0523fb0f1696547ab2dbe98b30a453306b8adc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A66d3a47929e31772f8cde153eb0523fb0f1696547ab2dbe98b30a453306b8adc?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776181166"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2650c47f50206054063e8a62a8073d29a29808b21c2ab3d9964bd70995ff6eb_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2650c47f50206054063e8a62a8073d29a29808b21c2ab3d9964bd70995ff6eb_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2650c47f50206054063e8a62a8073d29a29808b21c2ab3d9964bd70995ff6eb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Aa2650c47f50206054063e8a62a8073d29a29808b21c2ab3d9964bd70995ff6eb?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776240392"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:3c8a43dac72fcb80665579849150ce601046fbcf6c2306583b0490605115ac0f_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:3c8a43dac72fcb80665579849150ce601046fbcf6c2306583b0490605115ac0f_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:3c8a43dac72fcb80665579849150ce601046fbcf6c2306583b0490605115ac0f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A3c8a43dac72fcb80665579849150ce601046fbcf6c2306583b0490605115ac0f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta\u0026tag=1776181708"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1fd5ff140d8d559cfd3c5ba85036579e0e72fa4ce7125e16c1ea24d70e94ff86_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1fd5ff140d8d559cfd3c5ba85036579e0e72fa4ce7125e16c1ea24d70e94ff86_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1fd5ff140d8d559cfd3c5ba85036579e0e72fa4ce7125e16c1ea24d70e94ff86_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A1fd5ff140d8d559cfd3c5ba85036579e0e72fa4ce7125e16c1ea24d70e94ff86?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776181080"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9fa72261b4c4a178430ab10cecb79e1c9599740c3fc06192014245b1db1edffc_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9fa72261b4c4a178430ab10cecb79e1c9599740c3fc06192014245b1db1edffc_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9fa72261b4c4a178430ab10cecb79e1c9599740c3fc06192014245b1db1edffc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A9fa72261b4c4a178430ab10cecb79e1c9599740c3fc06192014245b1db1edffc?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776181079"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:aea2066308c02465b7d1edc6afd52d3b6c37a92d1ca38e929a7354be2bb36493_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:aea2066308c02465b7d1edc6afd52d3b6c37a92d1ca38e929a7354be2bb36493_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:aea2066308c02465b7d1edc6afd52d3b6c37a92d1ca38e929a7354be2bb36493_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Aaea2066308c02465b7d1edc6afd52d3b6c37a92d1ca38e929a7354be2bb36493?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776180733"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e86ddb9ffc3b50dc508f5eae310bcf1e7c994e7dbe3d538baebc1dc41316722d_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e86ddb9ffc3b50dc508f5eae310bcf1e7c994e7dbe3d538baebc1dc41316722d_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e86ddb9ffc3b50dc508f5eae310bcf1e7c994e7dbe3d538baebc1dc41316722d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Ae86ddb9ffc3b50dc508f5eae310bcf1e7c994e7dbe3d538baebc1dc41316722d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776181166"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e33cee7e3c778713dd44e3109609155061de98b83fbb91a89182179163ec05d4_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e33cee7e3c778713dd44e3109609155061de98b83fbb91a89182179163ec05d4_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e33cee7e3c778713dd44e3109609155061de98b83fbb91a89182179163ec05d4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Ae33cee7e3c778713dd44e3109609155061de98b83fbb91a89182179163ec05d4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776240392"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:734219183920ce01e754291dd7611715a69a9403f9633b3400755786fcc275cd_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:734219183920ce01e754291dd7611715a69a9403f9633b3400755786fcc275cd_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:734219183920ce01e754291dd7611715a69a9403f9633b3400755786fcc275cd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A734219183920ce01e754291dd7611715a69a9403f9633b3400755786fcc275cd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta\u0026tag=1776181708"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86787f164505d6ef3917997ad7a424d65da313fe50f0f952f13f55ce9d798b99_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86787f164505d6ef3917997ad7a424d65da313fe50f0f952f13f55ce9d798b99_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86787f164505d6ef3917997ad7a424d65da313fe50f0f952f13f55ce9d798b99_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A86787f164505d6ef3917997ad7a424d65da313fe50f0f952f13f55ce9d798b99?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776181080"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5faebff2c06c92bbff9453f577c9b6c259e5365fb4f452f630c592e7a06673a2_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5faebff2c06c92bbff9453f577c9b6c259e5365fb4f452f630c592e7a06673a2_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5faebff2c06c92bbff9453f577c9b6c259e5365fb4f452f630c592e7a06673a2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A5faebff2c06c92bbff9453f577c9b6c259e5365fb4f452f630c592e7a06673a2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776181079"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d37b966d871535c9277cda4c8aef1d9306b4f47f38043718ab4f13ccebbebc6b_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d37b966d871535c9277cda4c8aef1d9306b4f47f38043718ab4f13ccebbebc6b_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d37b966d871535c9277cda4c8aef1d9306b4f47f38043718ab4f13ccebbebc6b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Ad37b966d871535c9277cda4c8aef1d9306b4f47f38043718ab4f13ccebbebc6b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776180733"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b383628612ef6aff4328bd880b2400fd4011b53a1429a2ffacfc4d15f515d634_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b383628612ef6aff4328bd880b2400fd4011b53a1429a2ffacfc4d15f515d634_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b383628612ef6aff4328bd880b2400fd4011b53a1429a2ffacfc4d15f515d634_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Ab383628612ef6aff4328bd880b2400fd4011b53a1429a2ffacfc4d15f515d634?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776181166"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5f9b2a458158fbf02a611d8d2822c6425d186ce4cd73c091a097a3c0218f18ff_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5f9b2a458158fbf02a611d8d2822c6425d186ce4cd73c091a097a3c0218f18ff_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5f9b2a458158fbf02a611d8d2822c6425d186ce4cd73c091a097a3c0218f18ff_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A5f9b2a458158fbf02a611d8d2822c6425d186ce4cd73c091a097a3c0218f18ff?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776240392"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:693b5c635be68ad83f43140b36603d99a20c879bf345d12a44890b45bcd07b01_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:693b5c635be68ad83f43140b36603d99a20c879bf345d12a44890b45bcd07b01_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:693b5c635be68ad83f43140b36603d99a20c879bf345d12a44890b45bcd07b01_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A693b5c635be68ad83f43140b36603d99a20c879bf345d12a44890b45bcd07b01?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta\u0026tag=1776181708"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:3c8a43dac72fcb80665579849150ce601046fbcf6c2306583b0490605115ac0f_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:3c8a43dac72fcb80665579849150ce601046fbcf6c2306583b0490605115ac0f_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:3c8a43dac72fcb80665579849150ce601046fbcf6c2306583b0490605115ac0f_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:693b5c635be68ad83f43140b36603d99a20c879bf345d12a44890b45bcd07b01_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:693b5c635be68ad83f43140b36603d99a20c879bf345d12a44890b45bcd07b01_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:693b5c635be68ad83f43140b36603d99a20c879bf345d12a44890b45bcd07b01_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:734219183920ce01e754291dd7611715a69a9403f9633b3400755786fcc275cd_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:734219183920ce01e754291dd7611715a69a9403f9633b3400755786fcc275cd_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:734219183920ce01e754291dd7611715a69a9403f9633b3400755786fcc275cd_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:8cbf69617323c8c5a34eb52591608ec28f43de129ed6140baf3f9a9a7fa483f8_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:8cbf69617323c8c5a34eb52591608ec28f43de129ed6140baf3f9a9a7fa483f8_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:8cbf69617323c8c5a34eb52591608ec28f43de129ed6140baf3f9a9a7fa483f8_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1fd5ff140d8d559cfd3c5ba85036579e0e72fa4ce7125e16c1ea24d70e94ff86_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1fd5ff140d8d559cfd3c5ba85036579e0e72fa4ce7125e16c1ea24d70e94ff86_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1fd5ff140d8d559cfd3c5ba85036579e0e72fa4ce7125e16c1ea24d70e94ff86_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:46e186d49081b64a4291e49e5f2acd77184699b66cdc08acdbb7e82c259b2b74_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:46e186d49081b64a4291e49e5f2acd77184699b66cdc08acdbb7e82c259b2b74_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:46e186d49081b64a4291e49e5f2acd77184699b66cdc08acdbb7e82c259b2b74_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86787f164505d6ef3917997ad7a424d65da313fe50f0f952f13f55ce9d798b99_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86787f164505d6ef3917997ad7a424d65da313fe50f0f952f13f55ce9d798b99_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86787f164505d6ef3917997ad7a424d65da313fe50f0f952f13f55ce9d798b99_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bf1d68837cdb05f9c95e3c42692cc9e83fd4a0c5ac3dc7da3ffae49626502a9c_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bf1d68837cdb05f9c95e3c42692cc9e83fd4a0c5ac3dc7da3ffae49626502a9c_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bf1d68837cdb05f9c95e3c42692cc9e83fd4a0c5ac3dc7da3ffae49626502a9c_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a6694107707703209034473f159ab1f7e22106c7d1e1d722f373627dd9d7c47_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a6694107707703209034473f159ab1f7e22106c7d1e1d722f373627dd9d7c47_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a6694107707703209034473f159ab1f7e22106c7d1e1d722f373627dd9d7c47_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5faebff2c06c92bbff9453f577c9b6c259e5365fb4f452f630c592e7a06673a2_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5faebff2c06c92bbff9453f577c9b6c259e5365fb4f452f630c592e7a06673a2_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5faebff2c06c92bbff9453f577c9b6c259e5365fb4f452f630c592e7a06673a2_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8bec8dff7483dcb749deca1d7df6042b94d2a84abed4cf82e69230a8c28c59ca_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8bec8dff7483dcb749deca1d7df6042b94d2a84abed4cf82e69230a8c28c59ca_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8bec8dff7483dcb749deca1d7df6042b94d2a84abed4cf82e69230a8c28c59ca_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9fa72261b4c4a178430ab10cecb79e1c9599740c3fc06192014245b1db1edffc_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9fa72261b4c4a178430ab10cecb79e1c9599740c3fc06192014245b1db1edffc_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9fa72261b4c4a178430ab10cecb79e1c9599740c3fc06192014245b1db1edffc_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:66d3a47929e31772f8cde153eb0523fb0f1696547ab2dbe98b30a453306b8adc_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:66d3a47929e31772f8cde153eb0523fb0f1696547ab2dbe98b30a453306b8adc_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:66d3a47929e31772f8cde153eb0523fb0f1696547ab2dbe98b30a453306b8adc_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b00869deda7269236cb315b95c8abf4930b97995dcac9212a99b561251a401a9_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b00869deda7269236cb315b95c8abf4930b97995dcac9212a99b561251a401a9_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b00869deda7269236cb315b95c8abf4930b97995dcac9212a99b561251a401a9_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b383628612ef6aff4328bd880b2400fd4011b53a1429a2ffacfc4d15f515d634_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b383628612ef6aff4328bd880b2400fd4011b53a1429a2ffacfc4d15f515d634_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b383628612ef6aff4328bd880b2400fd4011b53a1429a2ffacfc4d15f515d634_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e86ddb9ffc3b50dc508f5eae310bcf1e7c994e7dbe3d538baebc1dc41316722d_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e86ddb9ffc3b50dc508f5eae310bcf1e7c994e7dbe3d538baebc1dc41316722d_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e86ddb9ffc3b50dc508f5eae310bcf1e7c994e7dbe3d538baebc1dc41316722d_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3113f8ef93a2abecad7ad6bd44d800c9c2735888b93f7a9b713ee93669fc3802_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3113f8ef93a2abecad7ad6bd44d800c9c2735888b93f7a9b713ee93669fc3802_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3113f8ef93a2abecad7ad6bd44d800c9c2735888b93f7a9b713ee93669fc3802_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5f9b2a458158fbf02a611d8d2822c6425d186ce4cd73c091a097a3c0218f18ff_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5f9b2a458158fbf02a611d8d2822c6425d186ce4cd73c091a097a3c0218f18ff_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5f9b2a458158fbf02a611d8d2822c6425d186ce4cd73c091a097a3c0218f18ff_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2650c47f50206054063e8a62a8073d29a29808b21c2ab3d9964bd70995ff6eb_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2650c47f50206054063e8a62a8073d29a29808b21c2ab3d9964bd70995ff6eb_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2650c47f50206054063e8a62a8073d29a29808b21c2ab3d9964bd70995ff6eb_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e33cee7e3c778713dd44e3109609155061de98b83fbb91a89182179163ec05d4_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e33cee7e3c778713dd44e3109609155061de98b83fbb91a89182179163ec05d4_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e33cee7e3c778713dd44e3109609155061de98b83fbb91a89182179163ec05d4_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:5931cffa333330d80fa57431080621e8f39cdb9257201fad7d56da31b01c569f_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:5931cffa333330d80fa57431080621e8f39cdb9257201fad7d56da31b01c569f_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:5931cffa333330d80fa57431080621e8f39cdb9257201fad7d56da31b01c569f_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:aea2066308c02465b7d1edc6afd52d3b6c37a92d1ca38e929a7354be2bb36493_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:aea2066308c02465b7d1edc6afd52d3b6c37a92d1ca38e929a7354be2bb36493_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:aea2066308c02465b7d1edc6afd52d3b6c37a92d1ca38e929a7354be2bb36493_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:b4339c9932dc7d84ce95f6b84a70f428f5f8da03e607f19602da5f83b6cacf1b_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:b4339c9932dc7d84ce95f6b84a70f428f5f8da03e607f19602da5f83b6cacf1b_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:b4339c9932dc7d84ce95f6b84a70f428f5f8da03e607f19602da5f83b6cacf1b_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d37b966d871535c9277cda4c8aef1d9306b4f47f38043718ab4f13ccebbebc6b_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d37b966d871535c9277cda4c8aef1d9306b4f47f38043718ab4f13ccebbebc6b_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d37b966d871535c9277cda4c8aef1d9306b4f47f38043718ab4f13ccebbebc6b_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:c09e38353c9125431890b9cbd0be760b8b6c3d1faf6bb515e20c2c414dd70f2d_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:c09e38353c9125431890b9cbd0be760b8b6c3d1faf6bb515e20c2c414dd70f2d_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:c09e38353c9125431890b9cbd0be760b8b6c3d1faf6bb515e20c2c414dd70f2d_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:3c8a43dac72fcb80665579849150ce601046fbcf6c2306583b0490605115ac0f_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:693b5c635be68ad83f43140b36603d99a20c879bf345d12a44890b45bcd07b01_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:734219183920ce01e754291dd7611715a69a9403f9633b3400755786fcc275cd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:8cbf69617323c8c5a34eb52591608ec28f43de129ed6140baf3f9a9a7fa483f8_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a6694107707703209034473f159ab1f7e22106c7d1e1d722f373627dd9d7c47_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5faebff2c06c92bbff9453f577c9b6c259e5365fb4f452f630c592e7a06673a2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8bec8dff7483dcb749deca1d7df6042b94d2a84abed4cf82e69230a8c28c59ca_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9fa72261b4c4a178430ab10cecb79e1c9599740c3fc06192014245b1db1edffc_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:c09e38353c9125431890b9cbd0be760b8b6c3d1faf6bb515e20c2c414dd70f2d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1fd5ff140d8d559cfd3c5ba85036579e0e72fa4ce7125e16c1ea24d70e94ff86_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:46e186d49081b64a4291e49e5f2acd77184699b66cdc08acdbb7e82c259b2b74_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86787f164505d6ef3917997ad7a424d65da313fe50f0f952f13f55ce9d798b99_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bf1d68837cdb05f9c95e3c42692cc9e83fd4a0c5ac3dc7da3ffae49626502a9c_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:66d3a47929e31772f8cde153eb0523fb0f1696547ab2dbe98b30a453306b8adc_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b00869deda7269236cb315b95c8abf4930b97995dcac9212a99b561251a401a9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b383628612ef6aff4328bd880b2400fd4011b53a1429a2ffacfc4d15f515d634_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e86ddb9ffc3b50dc508f5eae310bcf1e7c994e7dbe3d538baebc1dc41316722d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3113f8ef93a2abecad7ad6bd44d800c9c2735888b93f7a9b713ee93669fc3802_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5f9b2a458158fbf02a611d8d2822c6425d186ce4cd73c091a097a3c0218f18ff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2650c47f50206054063e8a62a8073d29a29808b21c2ab3d9964bd70995ff6eb_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e33cee7e3c778713dd44e3109609155061de98b83fbb91a89182179163ec05d4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:5931cffa333330d80fa57431080621e8f39cdb9257201fad7d56da31b01c569f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:aea2066308c02465b7d1edc6afd52d3b6c37a92d1ca38e929a7354be2bb36493_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:b4339c9932dc7d84ce95f6b84a70f428f5f8da03e607f19602da5f83b6cacf1b_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d37b966d871535c9277cda4c8aef1d9306b4f47f38043718ab4f13ccebbebc6b_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:3c8a43dac72fcb80665579849150ce601046fbcf6c2306583b0490605115ac0f_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:693b5c635be68ad83f43140b36603d99a20c879bf345d12a44890b45bcd07b01_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:734219183920ce01e754291dd7611715a69a9403f9633b3400755786fcc275cd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:8cbf69617323c8c5a34eb52591608ec28f43de129ed6140baf3f9a9a7fa483f8_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a6694107707703209034473f159ab1f7e22106c7d1e1d722f373627dd9d7c47_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5faebff2c06c92bbff9453f577c9b6c259e5365fb4f452f630c592e7a06673a2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8bec8dff7483dcb749deca1d7df6042b94d2a84abed4cf82e69230a8c28c59ca_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9fa72261b4c4a178430ab10cecb79e1c9599740c3fc06192014245b1db1edffc_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:c09e38353c9125431890b9cbd0be760b8b6c3d1faf6bb515e20c2c414dd70f2d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:12:20+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1fd5ff140d8d559cfd3c5ba85036579e0e72fa4ce7125e16c1ea24d70e94ff86_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:46e186d49081b64a4291e49e5f2acd77184699b66cdc08acdbb7e82c259b2b74_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86787f164505d6ef3917997ad7a424d65da313fe50f0f952f13f55ce9d798b99_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bf1d68837cdb05f9c95e3c42692cc9e83fd4a0c5ac3dc7da3ffae49626502a9c_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:66d3a47929e31772f8cde153eb0523fb0f1696547ab2dbe98b30a453306b8adc_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b00869deda7269236cb315b95c8abf4930b97995dcac9212a99b561251a401a9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b383628612ef6aff4328bd880b2400fd4011b53a1429a2ffacfc4d15f515d634_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e86ddb9ffc3b50dc508f5eae310bcf1e7c994e7dbe3d538baebc1dc41316722d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3113f8ef93a2abecad7ad6bd44d800c9c2735888b93f7a9b713ee93669fc3802_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5f9b2a458158fbf02a611d8d2822c6425d186ce4cd73c091a097a3c0218f18ff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2650c47f50206054063e8a62a8073d29a29808b21c2ab3d9964bd70995ff6eb_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e33cee7e3c778713dd44e3109609155061de98b83fbb91a89182179163ec05d4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:5931cffa333330d80fa57431080621e8f39cdb9257201fad7d56da31b01c569f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:aea2066308c02465b7d1edc6afd52d3b6c37a92d1ca38e929a7354be2bb36493_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:b4339c9932dc7d84ce95f6b84a70f428f5f8da03e607f19602da5f83b6cacf1b_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d37b966d871535c9277cda4c8aef1d9306b4f47f38043718ab4f13ccebbebc6b_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9440"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:3c8a43dac72fcb80665579849150ce601046fbcf6c2306583b0490605115ac0f_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:693b5c635be68ad83f43140b36603d99a20c879bf345d12a44890b45bcd07b01_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:734219183920ce01e754291dd7611715a69a9403f9633b3400755786fcc275cd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:8cbf69617323c8c5a34eb52591608ec28f43de129ed6140baf3f9a9a7fa483f8_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1fd5ff140d8d559cfd3c5ba85036579e0e72fa4ce7125e16c1ea24d70e94ff86_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:46e186d49081b64a4291e49e5f2acd77184699b66cdc08acdbb7e82c259b2b74_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86787f164505d6ef3917997ad7a424d65da313fe50f0f952f13f55ce9d798b99_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bf1d68837cdb05f9c95e3c42692cc9e83fd4a0c5ac3dc7da3ffae49626502a9c_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a6694107707703209034473f159ab1f7e22106c7d1e1d722f373627dd9d7c47_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5faebff2c06c92bbff9453f577c9b6c259e5365fb4f452f630c592e7a06673a2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8bec8dff7483dcb749deca1d7df6042b94d2a84abed4cf82e69230a8c28c59ca_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9fa72261b4c4a178430ab10cecb79e1c9599740c3fc06192014245b1db1edffc_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:66d3a47929e31772f8cde153eb0523fb0f1696547ab2dbe98b30a453306b8adc_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b00869deda7269236cb315b95c8abf4930b97995dcac9212a99b561251a401a9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b383628612ef6aff4328bd880b2400fd4011b53a1429a2ffacfc4d15f515d634_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e86ddb9ffc3b50dc508f5eae310bcf1e7c994e7dbe3d538baebc1dc41316722d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3113f8ef93a2abecad7ad6bd44d800c9c2735888b93f7a9b713ee93669fc3802_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5f9b2a458158fbf02a611d8d2822c6425d186ce4cd73c091a097a3c0218f18ff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2650c47f50206054063e8a62a8073d29a29808b21c2ab3d9964bd70995ff6eb_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e33cee7e3c778713dd44e3109609155061de98b83fbb91a89182179163ec05d4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:5931cffa333330d80fa57431080621e8f39cdb9257201fad7d56da31b01c569f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:aea2066308c02465b7d1edc6afd52d3b6c37a92d1ca38e929a7354be2bb36493_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:b4339c9932dc7d84ce95f6b84a70f428f5f8da03e607f19602da5f83b6cacf1b_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d37b966d871535c9277cda4c8aef1d9306b4f47f38043718ab4f13ccebbebc6b_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:c09e38353c9125431890b9cbd0be760b8b6c3d1faf6bb515e20c2c414dd70f2d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:3c8a43dac72fcb80665579849150ce601046fbcf6c2306583b0490605115ac0f_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:693b5c635be68ad83f43140b36603d99a20c879bf345d12a44890b45bcd07b01_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:734219183920ce01e754291dd7611715a69a9403f9633b3400755786fcc275cd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:8cbf69617323c8c5a34eb52591608ec28f43de129ed6140baf3f9a9a7fa483f8_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1fd5ff140d8d559cfd3c5ba85036579e0e72fa4ce7125e16c1ea24d70e94ff86_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:46e186d49081b64a4291e49e5f2acd77184699b66cdc08acdbb7e82c259b2b74_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86787f164505d6ef3917997ad7a424d65da313fe50f0f952f13f55ce9d798b99_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bf1d68837cdb05f9c95e3c42692cc9e83fd4a0c5ac3dc7da3ffae49626502a9c_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a6694107707703209034473f159ab1f7e22106c7d1e1d722f373627dd9d7c47_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5faebff2c06c92bbff9453f577c9b6c259e5365fb4f452f630c592e7a06673a2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8bec8dff7483dcb749deca1d7df6042b94d2a84abed4cf82e69230a8c28c59ca_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9fa72261b4c4a178430ab10cecb79e1c9599740c3fc06192014245b1db1edffc_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:66d3a47929e31772f8cde153eb0523fb0f1696547ab2dbe98b30a453306b8adc_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b00869deda7269236cb315b95c8abf4930b97995dcac9212a99b561251a401a9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b383628612ef6aff4328bd880b2400fd4011b53a1429a2ffacfc4d15f515d634_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e86ddb9ffc3b50dc508f5eae310bcf1e7c994e7dbe3d538baebc1dc41316722d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3113f8ef93a2abecad7ad6bd44d800c9c2735888b93f7a9b713ee93669fc3802_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5f9b2a458158fbf02a611d8d2822c6425d186ce4cd73c091a097a3c0218f18ff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2650c47f50206054063e8a62a8073d29a29808b21c2ab3d9964bd70995ff6eb_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e33cee7e3c778713dd44e3109609155061de98b83fbb91a89182179163ec05d4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:5931cffa333330d80fa57431080621e8f39cdb9257201fad7d56da31b01c569f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:aea2066308c02465b7d1edc6afd52d3b6c37a92d1ca38e929a7354be2bb36493_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:b4339c9932dc7d84ce95f6b84a70f428f5f8da03e607f19602da5f83b6cacf1b_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d37b966d871535c9277cda4c8aef1d9306b4f47f38043718ab4f13ccebbebc6b_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:c09e38353c9125431890b9cbd0be760b8b6c3d1faf6bb515e20c2c414dd70f2d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:3c8a43dac72fcb80665579849150ce601046fbcf6c2306583b0490605115ac0f_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:693b5c635be68ad83f43140b36603d99a20c879bf345d12a44890b45bcd07b01_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:734219183920ce01e754291dd7611715a69a9403f9633b3400755786fcc275cd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:8cbf69617323c8c5a34eb52591608ec28f43de129ed6140baf3f9a9a7fa483f8_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1fd5ff140d8d559cfd3c5ba85036579e0e72fa4ce7125e16c1ea24d70e94ff86_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:46e186d49081b64a4291e49e5f2acd77184699b66cdc08acdbb7e82c259b2b74_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86787f164505d6ef3917997ad7a424d65da313fe50f0f952f13f55ce9d798b99_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bf1d68837cdb05f9c95e3c42692cc9e83fd4a0c5ac3dc7da3ffae49626502a9c_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a6694107707703209034473f159ab1f7e22106c7d1e1d722f373627dd9d7c47_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5faebff2c06c92bbff9453f577c9b6c259e5365fb4f452f630c592e7a06673a2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8bec8dff7483dcb749deca1d7df6042b94d2a84abed4cf82e69230a8c28c59ca_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9fa72261b4c4a178430ab10cecb79e1c9599740c3fc06192014245b1db1edffc_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:66d3a47929e31772f8cde153eb0523fb0f1696547ab2dbe98b30a453306b8adc_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b00869deda7269236cb315b95c8abf4930b97995dcac9212a99b561251a401a9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b383628612ef6aff4328bd880b2400fd4011b53a1429a2ffacfc4d15f515d634_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e86ddb9ffc3b50dc508f5eae310bcf1e7c994e7dbe3d538baebc1dc41316722d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:5931cffa333330d80fa57431080621e8f39cdb9257201fad7d56da31b01c569f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:aea2066308c02465b7d1edc6afd52d3b6c37a92d1ca38e929a7354be2bb36493_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:b4339c9932dc7d84ce95f6b84a70f428f5f8da03e607f19602da5f83b6cacf1b_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d37b966d871535c9277cda4c8aef1d9306b4f47f38043718ab4f13ccebbebc6b_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:c09e38353c9125431890b9cbd0be760b8b6c3d1faf6bb515e20c2c414dd70f2d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3113f8ef93a2abecad7ad6bd44d800c9c2735888b93f7a9b713ee93669fc3802_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5f9b2a458158fbf02a611d8d2822c6425d186ce4cd73c091a097a3c0218f18ff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2650c47f50206054063e8a62a8073d29a29808b21c2ab3d9964bd70995ff6eb_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e33cee7e3c778713dd44e3109609155061de98b83fbb91a89182179163ec05d4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:3c8a43dac72fcb80665579849150ce601046fbcf6c2306583b0490605115ac0f_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:693b5c635be68ad83f43140b36603d99a20c879bf345d12a44890b45bcd07b01_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:734219183920ce01e754291dd7611715a69a9403f9633b3400755786fcc275cd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:8cbf69617323c8c5a34eb52591608ec28f43de129ed6140baf3f9a9a7fa483f8_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1fd5ff140d8d559cfd3c5ba85036579e0e72fa4ce7125e16c1ea24d70e94ff86_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:46e186d49081b64a4291e49e5f2acd77184699b66cdc08acdbb7e82c259b2b74_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86787f164505d6ef3917997ad7a424d65da313fe50f0f952f13f55ce9d798b99_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bf1d68837cdb05f9c95e3c42692cc9e83fd4a0c5ac3dc7da3ffae49626502a9c_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a6694107707703209034473f159ab1f7e22106c7d1e1d722f373627dd9d7c47_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5faebff2c06c92bbff9453f577c9b6c259e5365fb4f452f630c592e7a06673a2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8bec8dff7483dcb749deca1d7df6042b94d2a84abed4cf82e69230a8c28c59ca_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9fa72261b4c4a178430ab10cecb79e1c9599740c3fc06192014245b1db1edffc_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:66d3a47929e31772f8cde153eb0523fb0f1696547ab2dbe98b30a453306b8adc_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b00869deda7269236cb315b95c8abf4930b97995dcac9212a99b561251a401a9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b383628612ef6aff4328bd880b2400fd4011b53a1429a2ffacfc4d15f515d634_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e86ddb9ffc3b50dc508f5eae310bcf1e7c994e7dbe3d538baebc1dc41316722d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:5931cffa333330d80fa57431080621e8f39cdb9257201fad7d56da31b01c569f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:aea2066308c02465b7d1edc6afd52d3b6c37a92d1ca38e929a7354be2bb36493_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:b4339c9932dc7d84ce95f6b84a70f428f5f8da03e607f19602da5f83b6cacf1b_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d37b966d871535c9277cda4c8aef1d9306b4f47f38043718ab4f13ccebbebc6b_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:c09e38353c9125431890b9cbd0be760b8b6c3d1faf6bb515e20c2c414dd70f2d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:12:20+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3113f8ef93a2abecad7ad6bd44d800c9c2735888b93f7a9b713ee93669fc3802_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5f9b2a458158fbf02a611d8d2822c6425d186ce4cd73c091a097a3c0218f18ff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2650c47f50206054063e8a62a8073d29a29808b21c2ab3d9964bd70995ff6eb_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e33cee7e3c778713dd44e3109609155061de98b83fbb91a89182179163ec05d4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9440"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:3c8a43dac72fcb80665579849150ce601046fbcf6c2306583b0490605115ac0f_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:693b5c635be68ad83f43140b36603d99a20c879bf345d12a44890b45bcd07b01_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:734219183920ce01e754291dd7611715a69a9403f9633b3400755786fcc275cd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:8cbf69617323c8c5a34eb52591608ec28f43de129ed6140baf3f9a9a7fa483f8_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1fd5ff140d8d559cfd3c5ba85036579e0e72fa4ce7125e16c1ea24d70e94ff86_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:46e186d49081b64a4291e49e5f2acd77184699b66cdc08acdbb7e82c259b2b74_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86787f164505d6ef3917997ad7a424d65da313fe50f0f952f13f55ce9d798b99_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bf1d68837cdb05f9c95e3c42692cc9e83fd4a0c5ac3dc7da3ffae49626502a9c_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a6694107707703209034473f159ab1f7e22106c7d1e1d722f373627dd9d7c47_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5faebff2c06c92bbff9453f577c9b6c259e5365fb4f452f630c592e7a06673a2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8bec8dff7483dcb749deca1d7df6042b94d2a84abed4cf82e69230a8c28c59ca_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9fa72261b4c4a178430ab10cecb79e1c9599740c3fc06192014245b1db1edffc_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:66d3a47929e31772f8cde153eb0523fb0f1696547ab2dbe98b30a453306b8adc_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b00869deda7269236cb315b95c8abf4930b97995dcac9212a99b561251a401a9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b383628612ef6aff4328bd880b2400fd4011b53a1429a2ffacfc4d15f515d634_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e86ddb9ffc3b50dc508f5eae310bcf1e7c994e7dbe3d538baebc1dc41316722d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3113f8ef93a2abecad7ad6bd44d800c9c2735888b93f7a9b713ee93669fc3802_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5f9b2a458158fbf02a611d8d2822c6425d186ce4cd73c091a097a3c0218f18ff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2650c47f50206054063e8a62a8073d29a29808b21c2ab3d9964bd70995ff6eb_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e33cee7e3c778713dd44e3109609155061de98b83fbb91a89182179163ec05d4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:5931cffa333330d80fa57431080621e8f39cdb9257201fad7d56da31b01c569f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:aea2066308c02465b7d1edc6afd52d3b6c37a92d1ca38e929a7354be2bb36493_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:b4339c9932dc7d84ce95f6b84a70f428f5f8da03e607f19602da5f83b6cacf1b_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d37b966d871535c9277cda4c8aef1d9306b4f47f38043718ab4f13ccebbebc6b_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:c09e38353c9125431890b9cbd0be760b8b6c3d1faf6bb515e20c2c414dd70f2d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:3c8a43dac72fcb80665579849150ce601046fbcf6c2306583b0490605115ac0f_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:693b5c635be68ad83f43140b36603d99a20c879bf345d12a44890b45bcd07b01_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:734219183920ce01e754291dd7611715a69a9403f9633b3400755786fcc275cd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:8cbf69617323c8c5a34eb52591608ec28f43de129ed6140baf3f9a9a7fa483f8_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1fd5ff140d8d559cfd3c5ba85036579e0e72fa4ce7125e16c1ea24d70e94ff86_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:46e186d49081b64a4291e49e5f2acd77184699b66cdc08acdbb7e82c259b2b74_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86787f164505d6ef3917997ad7a424d65da313fe50f0f952f13f55ce9d798b99_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bf1d68837cdb05f9c95e3c42692cc9e83fd4a0c5ac3dc7da3ffae49626502a9c_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a6694107707703209034473f159ab1f7e22106c7d1e1d722f373627dd9d7c47_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5faebff2c06c92bbff9453f577c9b6c259e5365fb4f452f630c592e7a06673a2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8bec8dff7483dcb749deca1d7df6042b94d2a84abed4cf82e69230a8c28c59ca_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9fa72261b4c4a178430ab10cecb79e1c9599740c3fc06192014245b1db1edffc_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:66d3a47929e31772f8cde153eb0523fb0f1696547ab2dbe98b30a453306b8adc_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b00869deda7269236cb315b95c8abf4930b97995dcac9212a99b561251a401a9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b383628612ef6aff4328bd880b2400fd4011b53a1429a2ffacfc4d15f515d634_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e86ddb9ffc3b50dc508f5eae310bcf1e7c994e7dbe3d538baebc1dc41316722d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3113f8ef93a2abecad7ad6bd44d800c9c2735888b93f7a9b713ee93669fc3802_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5f9b2a458158fbf02a611d8d2822c6425d186ce4cd73c091a097a3c0218f18ff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2650c47f50206054063e8a62a8073d29a29808b21c2ab3d9964bd70995ff6eb_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e33cee7e3c778713dd44e3109609155061de98b83fbb91a89182179163ec05d4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:5931cffa333330d80fa57431080621e8f39cdb9257201fad7d56da31b01c569f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:aea2066308c02465b7d1edc6afd52d3b6c37a92d1ca38e929a7354be2bb36493_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:b4339c9932dc7d84ce95f6b84a70f428f5f8da03e607f19602da5f83b6cacf1b_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d37b966d871535c9277cda4c8aef1d9306b4f47f38043718ab4f13ccebbebc6b_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:c09e38353c9125431890b9cbd0be760b8b6c3d1faf6bb515e20c2c414dd70f2d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-33747",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-27T02:01:29.921765+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:3c8a43dac72fcb80665579849150ce601046fbcf6c2306583b0490605115ac0f_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:693b5c635be68ad83f43140b36603d99a20c879bf345d12a44890b45bcd07b01_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:734219183920ce01e754291dd7611715a69a9403f9633b3400755786fcc275cd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:8cbf69617323c8c5a34eb52591608ec28f43de129ed6140baf3f9a9a7fa483f8_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1fd5ff140d8d559cfd3c5ba85036579e0e72fa4ce7125e16c1ea24d70e94ff86_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:46e186d49081b64a4291e49e5f2acd77184699b66cdc08acdbb7e82c259b2b74_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86787f164505d6ef3917997ad7a424d65da313fe50f0f952f13f55ce9d798b99_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bf1d68837cdb05f9c95e3c42692cc9e83fd4a0c5ac3dc7da3ffae49626502a9c_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a6694107707703209034473f159ab1f7e22106c7d1e1d722f373627dd9d7c47_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5faebff2c06c92bbff9453f577c9b6c259e5365fb4f452f630c592e7a06673a2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8bec8dff7483dcb749deca1d7df6042b94d2a84abed4cf82e69230a8c28c59ca_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9fa72261b4c4a178430ab10cecb79e1c9599740c3fc06192014245b1db1edffc_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:66d3a47929e31772f8cde153eb0523fb0f1696547ab2dbe98b30a453306b8adc_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b00869deda7269236cb315b95c8abf4930b97995dcac9212a99b561251a401a9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b383628612ef6aff4328bd880b2400fd4011b53a1429a2ffacfc4d15f515d634_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e86ddb9ffc3b50dc508f5eae310bcf1e7c994e7dbe3d538baebc1dc41316722d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:5931cffa333330d80fa57431080621e8f39cdb9257201fad7d56da31b01c569f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:aea2066308c02465b7d1edc6afd52d3b6c37a92d1ca38e929a7354be2bb36493_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:b4339c9932dc7d84ce95f6b84a70f428f5f8da03e607f19602da5f83b6cacf1b_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d37b966d871535c9277cda4c8aef1d9306b4f47f38043718ab4f13ccebbebc6b_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:c09e38353c9125431890b9cbd0be760b8b6c3d1faf6bb515e20c2c414dd70f2d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452076"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in BuildKit, a toolkit for converting source code to build artifacts. An untrusted BuildKit frontend can be leveraged to craft a malicious API message, allowing files to be written outside of the designated BuildKit state directory. This vulnerability, which is a form of arbitrary file write, could enable an attacker to execute unauthorized code or escalate their privileges on the system. This issue arises when custom BuildKit frontends are used with specific configuration options.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "BuildKit: github.com/moby/buildkit: BuildKit: Arbitrary file write and code execution via untrusted frontend",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3113f8ef93a2abecad7ad6bd44d800c9c2735888b93f7a9b713ee93669fc3802_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5f9b2a458158fbf02a611d8d2822c6425d186ce4cd73c091a097a3c0218f18ff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2650c47f50206054063e8a62a8073d29a29808b21c2ab3d9964bd70995ff6eb_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e33cee7e3c778713dd44e3109609155061de98b83fbb91a89182179163ec05d4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:3c8a43dac72fcb80665579849150ce601046fbcf6c2306583b0490605115ac0f_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:693b5c635be68ad83f43140b36603d99a20c879bf345d12a44890b45bcd07b01_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:734219183920ce01e754291dd7611715a69a9403f9633b3400755786fcc275cd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:8cbf69617323c8c5a34eb52591608ec28f43de129ed6140baf3f9a9a7fa483f8_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1fd5ff140d8d559cfd3c5ba85036579e0e72fa4ce7125e16c1ea24d70e94ff86_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:46e186d49081b64a4291e49e5f2acd77184699b66cdc08acdbb7e82c259b2b74_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86787f164505d6ef3917997ad7a424d65da313fe50f0f952f13f55ce9d798b99_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bf1d68837cdb05f9c95e3c42692cc9e83fd4a0c5ac3dc7da3ffae49626502a9c_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a6694107707703209034473f159ab1f7e22106c7d1e1d722f373627dd9d7c47_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5faebff2c06c92bbff9453f577c9b6c259e5365fb4f452f630c592e7a06673a2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8bec8dff7483dcb749deca1d7df6042b94d2a84abed4cf82e69230a8c28c59ca_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9fa72261b4c4a178430ab10cecb79e1c9599740c3fc06192014245b1db1edffc_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:66d3a47929e31772f8cde153eb0523fb0f1696547ab2dbe98b30a453306b8adc_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b00869deda7269236cb315b95c8abf4930b97995dcac9212a99b561251a401a9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b383628612ef6aff4328bd880b2400fd4011b53a1429a2ffacfc4d15f515d634_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e86ddb9ffc3b50dc508f5eae310bcf1e7c994e7dbe3d538baebc1dc41316722d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:5931cffa333330d80fa57431080621e8f39cdb9257201fad7d56da31b01c569f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:aea2066308c02465b7d1edc6afd52d3b6c37a92d1ca38e929a7354be2bb36493_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:b4339c9932dc7d84ce95f6b84a70f428f5f8da03e607f19602da5f83b6cacf1b_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d37b966d871535c9277cda4c8aef1d9306b4f47f38043718ab4f13ccebbebc6b_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:c09e38353c9125431890b9cbd0be760b8b6c3d1faf6bb515e20c2c414dd70f2d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33747"
},
{
"category": "external",
"summary": "RHBZ#2452076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452076"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33747",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33747"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33747",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33747"
},
{
"category": "external",
"summary": "https://github.com/moby/buildkit/releases/tag/v0.28.1",
"url": "https://github.com/moby/buildkit/releases/tag/v0.28.1"
},
{
"category": "external",
"summary": "https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj",
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj"
}
],
"release_date": "2026-03-27T00:49:06.165000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:12:20+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3113f8ef93a2abecad7ad6bd44d800c9c2735888b93f7a9b713ee93669fc3802_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5f9b2a458158fbf02a611d8d2822c6425d186ce4cd73c091a097a3c0218f18ff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2650c47f50206054063e8a62a8073d29a29808b21c2ab3d9964bd70995ff6eb_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e33cee7e3c778713dd44e3109609155061de98b83fbb91a89182179163ec05d4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9440"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, avoid using untrusted BuildKit frontends. Restrict the use of custom BuildKit frontends to only those from verified and trusted sources. Do not specify untrusted frontends via `#syntax` or `--build-arg BUILDKIT_SYNTAX`.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:3c8a43dac72fcb80665579849150ce601046fbcf6c2306583b0490605115ac0f_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:693b5c635be68ad83f43140b36603d99a20c879bf345d12a44890b45bcd07b01_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:734219183920ce01e754291dd7611715a69a9403f9633b3400755786fcc275cd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:8cbf69617323c8c5a34eb52591608ec28f43de129ed6140baf3f9a9a7fa483f8_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1fd5ff140d8d559cfd3c5ba85036579e0e72fa4ce7125e16c1ea24d70e94ff86_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:46e186d49081b64a4291e49e5f2acd77184699b66cdc08acdbb7e82c259b2b74_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86787f164505d6ef3917997ad7a424d65da313fe50f0f952f13f55ce9d798b99_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bf1d68837cdb05f9c95e3c42692cc9e83fd4a0c5ac3dc7da3ffae49626502a9c_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a6694107707703209034473f159ab1f7e22106c7d1e1d722f373627dd9d7c47_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5faebff2c06c92bbff9453f577c9b6c259e5365fb4f452f630c592e7a06673a2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8bec8dff7483dcb749deca1d7df6042b94d2a84abed4cf82e69230a8c28c59ca_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9fa72261b4c4a178430ab10cecb79e1c9599740c3fc06192014245b1db1edffc_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:66d3a47929e31772f8cde153eb0523fb0f1696547ab2dbe98b30a453306b8adc_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b00869deda7269236cb315b95c8abf4930b97995dcac9212a99b561251a401a9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b383628612ef6aff4328bd880b2400fd4011b53a1429a2ffacfc4d15f515d634_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e86ddb9ffc3b50dc508f5eae310bcf1e7c994e7dbe3d538baebc1dc41316722d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3113f8ef93a2abecad7ad6bd44d800c9c2735888b93f7a9b713ee93669fc3802_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5f9b2a458158fbf02a611d8d2822c6425d186ce4cd73c091a097a3c0218f18ff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2650c47f50206054063e8a62a8073d29a29808b21c2ab3d9964bd70995ff6eb_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e33cee7e3c778713dd44e3109609155061de98b83fbb91a89182179163ec05d4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:5931cffa333330d80fa57431080621e8f39cdb9257201fad7d56da31b01c569f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:aea2066308c02465b7d1edc6afd52d3b6c37a92d1ca38e929a7354be2bb36493_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:b4339c9932dc7d84ce95f6b84a70f428f5f8da03e607f19602da5f83b6cacf1b_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d37b966d871535c9277cda4c8aef1d9306b4f47f38043718ab4f13ccebbebc6b_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:c09e38353c9125431890b9cbd0be760b8b6c3d1faf6bb515e20c2c414dd70f2d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:3c8a43dac72fcb80665579849150ce601046fbcf6c2306583b0490605115ac0f_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:693b5c635be68ad83f43140b36603d99a20c879bf345d12a44890b45bcd07b01_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:734219183920ce01e754291dd7611715a69a9403f9633b3400755786fcc275cd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:8cbf69617323c8c5a34eb52591608ec28f43de129ed6140baf3f9a9a7fa483f8_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1fd5ff140d8d559cfd3c5ba85036579e0e72fa4ce7125e16c1ea24d70e94ff86_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:46e186d49081b64a4291e49e5f2acd77184699b66cdc08acdbb7e82c259b2b74_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86787f164505d6ef3917997ad7a424d65da313fe50f0f952f13f55ce9d798b99_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bf1d68837cdb05f9c95e3c42692cc9e83fd4a0c5ac3dc7da3ffae49626502a9c_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a6694107707703209034473f159ab1f7e22106c7d1e1d722f373627dd9d7c47_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5faebff2c06c92bbff9453f577c9b6c259e5365fb4f452f630c592e7a06673a2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8bec8dff7483dcb749deca1d7df6042b94d2a84abed4cf82e69230a8c28c59ca_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9fa72261b4c4a178430ab10cecb79e1c9599740c3fc06192014245b1db1edffc_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:66d3a47929e31772f8cde153eb0523fb0f1696547ab2dbe98b30a453306b8adc_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b00869deda7269236cb315b95c8abf4930b97995dcac9212a99b561251a401a9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b383628612ef6aff4328bd880b2400fd4011b53a1429a2ffacfc4d15f515d634_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e86ddb9ffc3b50dc508f5eae310bcf1e7c994e7dbe3d538baebc1dc41316722d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3113f8ef93a2abecad7ad6bd44d800c9c2735888b93f7a9b713ee93669fc3802_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5f9b2a458158fbf02a611d8d2822c6425d186ce4cd73c091a097a3c0218f18ff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2650c47f50206054063e8a62a8073d29a29808b21c2ab3d9964bd70995ff6eb_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e33cee7e3c778713dd44e3109609155061de98b83fbb91a89182179163ec05d4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:5931cffa333330d80fa57431080621e8f39cdb9257201fad7d56da31b01c569f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:aea2066308c02465b7d1edc6afd52d3b6c37a92d1ca38e929a7354be2bb36493_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:b4339c9932dc7d84ce95f6b84a70f428f5f8da03e607f19602da5f83b6cacf1b_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d37b966d871535c9277cda4c8aef1d9306b4f47f38043718ab4f13ccebbebc6b_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:c09e38353c9125431890b9cbd0be760b8b6c3d1faf6bb515e20c2c414dd70f2d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "BuildKit: github.com/moby/buildkit: BuildKit: Arbitrary file write and code execution via untrusted frontend"
},
{
"cve": "CVE-2026-33748",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-27T15:02:00.107493+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:3c8a43dac72fcb80665579849150ce601046fbcf6c2306583b0490605115ac0f_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:693b5c635be68ad83f43140b36603d99a20c879bf345d12a44890b45bcd07b01_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:734219183920ce01e754291dd7611715a69a9403f9633b3400755786fcc275cd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:8cbf69617323c8c5a34eb52591608ec28f43de129ed6140baf3f9a9a7fa483f8_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1fd5ff140d8d559cfd3c5ba85036579e0e72fa4ce7125e16c1ea24d70e94ff86_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:46e186d49081b64a4291e49e5f2acd77184699b66cdc08acdbb7e82c259b2b74_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86787f164505d6ef3917997ad7a424d65da313fe50f0f952f13f55ce9d798b99_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bf1d68837cdb05f9c95e3c42692cc9e83fd4a0c5ac3dc7da3ffae49626502a9c_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a6694107707703209034473f159ab1f7e22106c7d1e1d722f373627dd9d7c47_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5faebff2c06c92bbff9453f577c9b6c259e5365fb4f452f630c592e7a06673a2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8bec8dff7483dcb749deca1d7df6042b94d2a84abed4cf82e69230a8c28c59ca_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9fa72261b4c4a178430ab10cecb79e1c9599740c3fc06192014245b1db1edffc_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:66d3a47929e31772f8cde153eb0523fb0f1696547ab2dbe98b30a453306b8adc_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b00869deda7269236cb315b95c8abf4930b97995dcac9212a99b561251a401a9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b383628612ef6aff4328bd880b2400fd4011b53a1429a2ffacfc4d15f515d634_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e86ddb9ffc3b50dc508f5eae310bcf1e7c994e7dbe3d538baebc1dc41316722d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:5931cffa333330d80fa57431080621e8f39cdb9257201fad7d56da31b01c569f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:aea2066308c02465b7d1edc6afd52d3b6c37a92d1ca38e929a7354be2bb36493_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:b4339c9932dc7d84ce95f6b84a70f428f5f8da03e607f19602da5f83b6cacf1b_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d37b966d871535c9277cda4c8aef1d9306b4f47f38043718ab4f13ccebbebc6b_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:c09e38353c9125431890b9cbd0be760b8b6c3d1faf6bb515e20c2c414dd70f2d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452271"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in BuildKit. Insufficient validation of Git URL fragment subdirectory components may allow a remote attacker to access files outside the checked-out Git repository root. This access is limited to files on the same mounted filesystem. This vulnerability could lead to unauthorized information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/moby/buildkit: BuildKit: Unauthorized file access via Git URL fragment subdir components",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3113f8ef93a2abecad7ad6bd44d800c9c2735888b93f7a9b713ee93669fc3802_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5f9b2a458158fbf02a611d8d2822c6425d186ce4cd73c091a097a3c0218f18ff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2650c47f50206054063e8a62a8073d29a29808b21c2ab3d9964bd70995ff6eb_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e33cee7e3c778713dd44e3109609155061de98b83fbb91a89182179163ec05d4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:3c8a43dac72fcb80665579849150ce601046fbcf6c2306583b0490605115ac0f_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:693b5c635be68ad83f43140b36603d99a20c879bf345d12a44890b45bcd07b01_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:734219183920ce01e754291dd7611715a69a9403f9633b3400755786fcc275cd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:8cbf69617323c8c5a34eb52591608ec28f43de129ed6140baf3f9a9a7fa483f8_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1fd5ff140d8d559cfd3c5ba85036579e0e72fa4ce7125e16c1ea24d70e94ff86_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:46e186d49081b64a4291e49e5f2acd77184699b66cdc08acdbb7e82c259b2b74_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86787f164505d6ef3917997ad7a424d65da313fe50f0f952f13f55ce9d798b99_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bf1d68837cdb05f9c95e3c42692cc9e83fd4a0c5ac3dc7da3ffae49626502a9c_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a6694107707703209034473f159ab1f7e22106c7d1e1d722f373627dd9d7c47_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5faebff2c06c92bbff9453f577c9b6c259e5365fb4f452f630c592e7a06673a2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8bec8dff7483dcb749deca1d7df6042b94d2a84abed4cf82e69230a8c28c59ca_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9fa72261b4c4a178430ab10cecb79e1c9599740c3fc06192014245b1db1edffc_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:66d3a47929e31772f8cde153eb0523fb0f1696547ab2dbe98b30a453306b8adc_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b00869deda7269236cb315b95c8abf4930b97995dcac9212a99b561251a401a9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b383628612ef6aff4328bd880b2400fd4011b53a1429a2ffacfc4d15f515d634_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e86ddb9ffc3b50dc508f5eae310bcf1e7c994e7dbe3d538baebc1dc41316722d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:5931cffa333330d80fa57431080621e8f39cdb9257201fad7d56da31b01c569f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:aea2066308c02465b7d1edc6afd52d3b6c37a92d1ca38e929a7354be2bb36493_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:b4339c9932dc7d84ce95f6b84a70f428f5f8da03e607f19602da5f83b6cacf1b_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d37b966d871535c9277cda4c8aef1d9306b4f47f38043718ab4f13ccebbebc6b_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:c09e38353c9125431890b9cbd0be760b8b6c3d1faf6bb515e20c2c414dd70f2d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33748"
},
{
"category": "external",
"summary": "RHBZ#2452271",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452271"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33748",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33748"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33748",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33748"
},
{
"category": "external",
"summary": "https://docs.docker.com/build/concepts/context/#url-fragments",
"url": "https://docs.docker.com/build/concepts/context/#url-fragments"
},
{
"category": "external",
"summary": "https://github.com/moby/buildkit/releases/tag/v0.28.1",
"url": "https://github.com/moby/buildkit/releases/tag/v0.28.1"
},
{
"category": "external",
"summary": "https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg",
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg"
}
],
"release_date": "2026-03-27T14:00:21.200000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:12:20+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3113f8ef93a2abecad7ad6bd44d800c9c2735888b93f7a9b713ee93669fc3802_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5f9b2a458158fbf02a611d8d2822c6425d186ce4cd73c091a097a3c0218f18ff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2650c47f50206054063e8a62a8073d29a29808b21c2ab3d9964bd70995ff6eb_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e33cee7e3c778713dd44e3109609155061de98b83fbb91a89182179163ec05d4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9440"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:3c8a43dac72fcb80665579849150ce601046fbcf6c2306583b0490605115ac0f_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:693b5c635be68ad83f43140b36603d99a20c879bf345d12a44890b45bcd07b01_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:734219183920ce01e754291dd7611715a69a9403f9633b3400755786fcc275cd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:8cbf69617323c8c5a34eb52591608ec28f43de129ed6140baf3f9a9a7fa483f8_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1fd5ff140d8d559cfd3c5ba85036579e0e72fa4ce7125e16c1ea24d70e94ff86_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:46e186d49081b64a4291e49e5f2acd77184699b66cdc08acdbb7e82c259b2b74_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86787f164505d6ef3917997ad7a424d65da313fe50f0f952f13f55ce9d798b99_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bf1d68837cdb05f9c95e3c42692cc9e83fd4a0c5ac3dc7da3ffae49626502a9c_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a6694107707703209034473f159ab1f7e22106c7d1e1d722f373627dd9d7c47_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5faebff2c06c92bbff9453f577c9b6c259e5365fb4f452f630c592e7a06673a2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8bec8dff7483dcb749deca1d7df6042b94d2a84abed4cf82e69230a8c28c59ca_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9fa72261b4c4a178430ab10cecb79e1c9599740c3fc06192014245b1db1edffc_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:66d3a47929e31772f8cde153eb0523fb0f1696547ab2dbe98b30a453306b8adc_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b00869deda7269236cb315b95c8abf4930b97995dcac9212a99b561251a401a9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b383628612ef6aff4328bd880b2400fd4011b53a1429a2ffacfc4d15f515d634_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e86ddb9ffc3b50dc508f5eae310bcf1e7c994e7dbe3d538baebc1dc41316722d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3113f8ef93a2abecad7ad6bd44d800c9c2735888b93f7a9b713ee93669fc3802_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5f9b2a458158fbf02a611d8d2822c6425d186ce4cd73c091a097a3c0218f18ff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2650c47f50206054063e8a62a8073d29a29808b21c2ab3d9964bd70995ff6eb_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e33cee7e3c778713dd44e3109609155061de98b83fbb91a89182179163ec05d4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:5931cffa333330d80fa57431080621e8f39cdb9257201fad7d56da31b01c569f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:aea2066308c02465b7d1edc6afd52d3b6c37a92d1ca38e929a7354be2bb36493_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:b4339c9932dc7d84ce95f6b84a70f428f5f8da03e607f19602da5f83b6cacf1b_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d37b966d871535c9277cda4c8aef1d9306b4f47f38043718ab4f13ccebbebc6b_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:c09e38353c9125431890b9cbd0be760b8b6c3d1faf6bb515e20c2c414dd70f2d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:3c8a43dac72fcb80665579849150ce601046fbcf6c2306583b0490605115ac0f_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:693b5c635be68ad83f43140b36603d99a20c879bf345d12a44890b45bcd07b01_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:734219183920ce01e754291dd7611715a69a9403f9633b3400755786fcc275cd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:8cbf69617323c8c5a34eb52591608ec28f43de129ed6140baf3f9a9a7fa483f8_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1fd5ff140d8d559cfd3c5ba85036579e0e72fa4ce7125e16c1ea24d70e94ff86_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:46e186d49081b64a4291e49e5f2acd77184699b66cdc08acdbb7e82c259b2b74_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86787f164505d6ef3917997ad7a424d65da313fe50f0f952f13f55ce9d798b99_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bf1d68837cdb05f9c95e3c42692cc9e83fd4a0c5ac3dc7da3ffae49626502a9c_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a6694107707703209034473f159ab1f7e22106c7d1e1d722f373627dd9d7c47_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5faebff2c06c92bbff9453f577c9b6c259e5365fb4f452f630c592e7a06673a2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8bec8dff7483dcb749deca1d7df6042b94d2a84abed4cf82e69230a8c28c59ca_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9fa72261b4c4a178430ab10cecb79e1c9599740c3fc06192014245b1db1edffc_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:66d3a47929e31772f8cde153eb0523fb0f1696547ab2dbe98b30a453306b8adc_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b00869deda7269236cb315b95c8abf4930b97995dcac9212a99b561251a401a9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b383628612ef6aff4328bd880b2400fd4011b53a1429a2ffacfc4d15f515d634_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e86ddb9ffc3b50dc508f5eae310bcf1e7c994e7dbe3d538baebc1dc41316722d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3113f8ef93a2abecad7ad6bd44d800c9c2735888b93f7a9b713ee93669fc3802_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5f9b2a458158fbf02a611d8d2822c6425d186ce4cd73c091a097a3c0218f18ff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2650c47f50206054063e8a62a8073d29a29808b21c2ab3d9964bd70995ff6eb_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e33cee7e3c778713dd44e3109609155061de98b83fbb91a89182179163ec05d4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:5931cffa333330d80fa57431080621e8f39cdb9257201fad7d56da31b01c569f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:aea2066308c02465b7d1edc6afd52d3b6c37a92d1ca38e929a7354be2bb36493_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:b4339c9932dc7d84ce95f6b84a70f428f5f8da03e607f19602da5f83b6cacf1b_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d37b966d871535c9277cda4c8aef1d9306b4f47f38043718ab4f13ccebbebc6b_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:c09e38353c9125431890b9cbd0be760b8b6c3d1faf6bb515e20c2c414dd70f2d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/moby/buildkit: BuildKit: Unauthorized file access via Git URL fragment subdir components"
}
]
}
RHSA-2026:9448
Vulnerability from csaf_redhat - Published: 2026-04-21 17:23 - Updated: 2026-06-28 16:15Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.1.7
Severity
Important
Notes
Topic: Red Hat OpenShift Service Mesh 3.1.7
This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Service Mesh 3.1.7, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.
Fixes/Improvements:
Security Fix(es):
* istio-rhel9-operator: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
* istio-cni-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
* istio-pilot-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
* istio-proxyv2-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
* istio-proxyv2-rhel9: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation (CVE-2026-33186)
* istio-proxyv2-rhel9: BuildKit: Arbitrary file write and code execution via untrusted frontend (CVE-2026-33747)
* istio-proxyv2-rhel9: BuildKit: Unauthorized file access via Git URL fragment subdir components (CVE-2026-33748)
* istio-cni-rhel9: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object (CVE-2026-34986)
* istio-pilot-rhel9: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object (CVE-2026-34986)
Bug Fix(es):
* OSSM operator metrics reader ClusterRole conflicts with other operators (OSSM-13106)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in BuildKit, a toolkit for converting source code to build artifacts. An untrusted BuildKit frontend can be leveraged to craft a malicious API message, allowing files to be written outside of the designated BuildKit state directory. This vulnerability, which is a form of arbitrary file write, could enable an attacker to execute unauthorized code or escalate their privileges on the system. This issue arises when custom BuildKit frontends are used with specific configuration options.
8.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in BuildKit. Insufficient validation of Git URL fragment subdirectory components may allow a remote attacker to access files outside the checked-out Git repository root. This access is limited to files on the same mounted filesystem. This vulnerability could lead to unauthorized information disclosure.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64 | — |
Workaround
|
Threats
Impact
Important
References
45 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.1.7\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.1.7, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nFixes/Improvements:\n\nSecurity Fix(es):\n\n* istio-rhel9-operator: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* istio-cni-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* istio-pilot-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* istio-proxyv2-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* istio-proxyv2-rhel9: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation (CVE-2026-33186)\n\n* istio-proxyv2-rhel9: BuildKit: Arbitrary file write and code execution via untrusted frontend (CVE-2026-33747)\n\n* istio-proxyv2-rhel9: BuildKit: Unauthorized file access via Git URL fragment subdir components (CVE-2026-33748)\n\n* istio-cni-rhel9: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object (CVE-2026-34986)\n\n* istio-pilot-rhel9: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object (CVE-2026-34986)\n\nBug Fix(es):\n\n* OSSM operator metrics reader ClusterRole conflicts with other operators (OSSM-13106)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:9448",
"url": "https://access.redhat.com/errata/RHSA-2026:9448"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33747",
"url": "https://access.redhat.com/security/cve/CVE-2026-33747"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33748",
"url": "https://access.redhat.com/security/cve/CVE-2026-33748"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-25679",
"url": "https://access.redhat.com/security/cve/cve-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-33186",
"url": "https://access.redhat.com/security/cve/cve-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-33747",
"url": "https://access.redhat.com/security/cve/cve-2026-33747"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-33748",
"url": "https://access.redhat.com/security/cve/cve-2026-33748"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-34986",
"url": "https://access.redhat.com/security/cve/cve-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9448.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.1.7",
"tracking": {
"current_release_date": "2026-06-28T16:15:11+00:00",
"generator": {
"date": "2026-06-28T16:15:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2026:9448",
"initial_release_date": "2026-04-21T17:23:46+00:00",
"revision_history": [
{
"date": "2026-04-21T17:23:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-21T17:23:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-28T16:15:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.1",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3A2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776677125"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776238635"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776412783"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776232570"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Ae496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776256858"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776315466"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh-tech-preview\u0026tag=1776177800"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776238635"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776412783"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Abfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776232570"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776256858"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776315466"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh-tech-preview\u0026tag=1776177800"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776238635"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776412783"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776232570"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Aa55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776256858"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776315466"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh-tech-preview\u0026tag=1776177800"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776238635"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776412783"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776232570"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776256858"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776315466"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh-tech-preview\u0026tag=1776177800"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:23:46+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9448"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:23:46+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9448"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-33747",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-27T02:01:29.921765+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452076"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in BuildKit, a toolkit for converting source code to build artifacts. An untrusted BuildKit frontend can be leveraged to craft a malicious API message, allowing files to be written outside of the designated BuildKit state directory. This vulnerability, which is a form of arbitrary file write, could enable an attacker to execute unauthorized code or escalate their privileges on the system. This issue arises when custom BuildKit frontends are used with specific configuration options.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "BuildKit: github.com/moby/buildkit: BuildKit: Arbitrary file write and code execution via untrusted frontend",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33747"
},
{
"category": "external",
"summary": "RHBZ#2452076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452076"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33747",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33747"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33747",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33747"
},
{
"category": "external",
"summary": "https://github.com/moby/buildkit/releases/tag/v0.28.1",
"url": "https://github.com/moby/buildkit/releases/tag/v0.28.1"
},
{
"category": "external",
"summary": "https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj",
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj"
}
],
"release_date": "2026-03-27T00:49:06.165000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:23:46+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9448"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, avoid using untrusted BuildKit frontends. Restrict the use of custom BuildKit frontends to only those from verified and trusted sources. Do not specify untrusted frontends via `#syntax` or `--build-arg BUILDKIT_SYNTAX`.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "BuildKit: github.com/moby/buildkit: BuildKit: Arbitrary file write and code execution via untrusted frontend"
},
{
"cve": "CVE-2026-33748",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-27T15:02:00.107493+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452271"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in BuildKit. Insufficient validation of Git URL fragment subdirectory components may allow a remote attacker to access files outside the checked-out Git repository root. This access is limited to files on the same mounted filesystem. This vulnerability could lead to unauthorized information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/moby/buildkit: BuildKit: Unauthorized file access via Git URL fragment subdir components",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33748"
},
{
"category": "external",
"summary": "RHBZ#2452271",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452271"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33748",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33748"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33748",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33748"
},
{
"category": "external",
"summary": "https://docs.docker.com/build/concepts/context/#url-fragments",
"url": "https://docs.docker.com/build/concepts/context/#url-fragments"
},
{
"category": "external",
"summary": "https://github.com/moby/buildkit/releases/tag/v0.28.1",
"url": "https://github.com/moby/buildkit/releases/tag/v0.28.1"
},
{
"category": "external",
"summary": "https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg",
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg"
}
],
"release_date": "2026-03-27T14:00:21.200000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:23:46+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9448"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/moby/buildkit: BuildKit: Unauthorized file access via Git URL fragment subdir components"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:23:46+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9448"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:1a1a9cf19de45b8920e70d8123da7f1e7b2568fe356d98203dc0053cee541339_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:46f11470d7627e5a74663770efb3e8118910f5e2f84a1191f6b14805efc10c73_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:883910879ec4940cd9221bd64fbfa392d1ca28503f4e63277169441cb0addeae_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:8e5be961ce5b17d43e49ad3a0bd5339af75f19d46d11881423c1e86b8bc45a0c_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:0f0dfc2423b897ec2b43dc9fff794690809d845f065c7ae4635191348f4af1d2_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2040cfbc531f36c1a8387e41911e3e9d26f53a4ef4a24bc712cbe7f33264f356_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:3ba4910ac8b0bed39310344d4cfa21c645922f80cd287b7f66f4b2873871a26a_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:65368e8e6648247d5efe4edb74085384e833d7cac67c93518f3a6efc059fafbd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:18dc040c6df63b00dbb419895f754d4d728122cf8e245d40cfd9d1f625609bfc_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:4d4ba0754e38ed8824e2a4c1c0e9f603b55650366883339acb67efdbcefae8e0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5aee5dd20238fc15d863e2b700f4b510a758d6fcb696b384bcb7aa0854061428_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:629b6b3147b374e2ee5398b4778ef13d7377bc617391df92e0e7b19a4194a6aa_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:702f60c7aa0927bf2b8a4e2077d972222a0fe13b06a6afd5ce6d3e518cae42a5_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7bc9ffa1c1d9895be132f424d80643bc804a4e99d886762ed16bc8c3d2121c74_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a55d6fe6d7d1d94134e35aa47f3578348b8f0185b7f2c51a69aecb6b8eb2e976_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e496840d6cf9f281ba71596f477044f370530f37cc5a694d7d538eb37b4f903a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:321be87a16bb3b4564223709a86bf2d00c831a249de86d48e03855855776d250_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d1dda2038649d6dcae41d9ef83d0391cdb7499bb6ebedf8453d197fb06ce055_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7055e7c41cc056bfb96e5b429a78e27e7a7584d97f26eec6601cad5eca403cc9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7c918bae6c51890395296e41239ae3101226595d07b880aefd02e765119dbffb_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:149448cd15ef98964551a2527d3287851e3e7726a64e10f94b846a41ed756766_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2fc0af6b178529161647bc102dd8c762dd850b2598296bf7b045e6b1e31b6606_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8f18db5e45ba3934b5878c824cd38ffe989fedad1d28c7d1b39e472f4c0fb43a_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bfd02648a63140c8f810011cbc3f345e0e883a6c3893bb785319fd74871b9ccd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:2f1655b06910cc596ef10f55ad2d34882b82e30b4c6c1a2456bc25cf6e4928c5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
}
]
}
RHSA-2026:9453
Vulnerability from csaf_redhat - Published: 2026-04-21 17:29 - Updated: 2026-06-28 16:15Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.2.4
Severity
Important
Notes
Topic: Red Hat OpenShift Service Mesh 3.2.4
This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Service Mesh 3.2.4, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.
Fixes/Improvements:
Security Fix(es):
* istio-rhel9-operator: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
* istio-cni-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
* istio-pilot-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
* istio-proxyv2-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
* istio-proxyv2-rhel9: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation (CVE-2026-33186)
* istio-proxyv2-rhel9: BuildKit: Arbitrary file write and code execution via untrusted frontend (CVE-2026-33747)
* istio-proxyv2-rhel9: BuildKit: Unauthorized file access via Git URL fragment subdir components (CVE-2026-33748)
* istio-cni-rhel9: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object (CVE-2026-34986)
* istio-pilot-rhel9: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object (CVE-2026-34986)
Bug Fix(es):
* Ztunnel default value in operator contains older istio version (OSSM-13103)
* OSSM operator metrics reader ClusterRole conflicts with other operators (OSSM-13106)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in BuildKit, a toolkit for converting source code to build artifacts. An untrusted BuildKit frontend can be leveraged to craft a malicious API message, allowing files to be written outside of the designated BuildKit state directory. This vulnerability, which is a form of arbitrary file write, could enable an attacker to execute unauthorized code or escalate their privileges on the system. This issue arises when custom BuildKit frontends are used with specific configuration options.
8.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in BuildKit. Insufficient validation of Git URL fragment subdirectory components may allow a remote attacker to access files outside the checked-out Git repository root. This access is limited to files on the same mounted filesystem. This vulnerability could lead to unauthorized information disclosure.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64 | — |
Workaround
|
Threats
Impact
Important
References
45 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.2.4\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.2.4, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nFixes/Improvements:\n\nSecurity Fix(es):\n\n* istio-rhel9-operator: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* istio-cni-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* istio-pilot-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* istio-proxyv2-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* istio-proxyv2-rhel9: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation (CVE-2026-33186)\n\n* istio-proxyv2-rhel9: BuildKit: Arbitrary file write and code execution via untrusted frontend (CVE-2026-33747)\n\n* istio-proxyv2-rhel9: BuildKit: Unauthorized file access via Git URL fragment subdir components (CVE-2026-33748)\n\n* istio-cni-rhel9: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object (CVE-2026-34986)\n\n* istio-pilot-rhel9: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object (CVE-2026-34986)\n\nBug Fix(es):\n\n* Ztunnel default value in operator contains older istio version (OSSM-13103)\n\n* OSSM operator metrics reader ClusterRole conflicts with other operators (OSSM-13106)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:9453",
"url": "https://access.redhat.com/errata/RHSA-2026:9453"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33747",
"url": "https://access.redhat.com/security/cve/CVE-2026-33747"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33748",
"url": "https://access.redhat.com/security/cve/CVE-2026-33748"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-25679",
"url": "https://access.redhat.com/security/cve/cve-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-33186",
"url": "https://access.redhat.com/security/cve/cve-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-33747",
"url": "https://access.redhat.com/security/cve/cve-2026-33747"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-33748",
"url": "https://access.redhat.com/security/cve/cve-2026-33748"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-34986",
"url": "https://access.redhat.com/security/cve/cve-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9453.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.2.4",
"tracking": {
"current_release_date": "2026-06-28T16:15:13+00:00",
"generator": {
"date": "2026-06-28T16:15:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2026:9453",
"initial_release_date": "2026-04-21T17:29:36+00:00",
"revision_history": [
{
"date": "2026-04-21T17:29:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-21T17:29:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-28T16:15:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.2",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3A615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776677282"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776178280"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776238602"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776232405"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776178059"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Af62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776291540"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Acf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776232170"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776178280"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776238602"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Adfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776232405"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776178059"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776291540"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776232170"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776178280"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776238602"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776232405"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776178059"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776291540"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776232170"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776178280"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Ac592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776238602"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776232405"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776178059"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Aa2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776291540"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776232170"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:29:36+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.4 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9453"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:29:36+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.4 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9453"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-33747",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-27T02:01:29.921765+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452076"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in BuildKit, a toolkit for converting source code to build artifacts. An untrusted BuildKit frontend can be leveraged to craft a malicious API message, allowing files to be written outside of the designated BuildKit state directory. This vulnerability, which is a form of arbitrary file write, could enable an attacker to execute unauthorized code or escalate their privileges on the system. This issue arises when custom BuildKit frontends are used with specific configuration options.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "BuildKit: github.com/moby/buildkit: BuildKit: Arbitrary file write and code execution via untrusted frontend",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33747"
},
{
"category": "external",
"summary": "RHBZ#2452076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452076"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33747",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33747"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33747",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33747"
},
{
"category": "external",
"summary": "https://github.com/moby/buildkit/releases/tag/v0.28.1",
"url": "https://github.com/moby/buildkit/releases/tag/v0.28.1"
},
{
"category": "external",
"summary": "https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj",
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj"
}
],
"release_date": "2026-03-27T00:49:06.165000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:29:36+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.4 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9453"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, avoid using untrusted BuildKit frontends. Restrict the use of custom BuildKit frontends to only those from verified and trusted sources. Do not specify untrusted frontends via `#syntax` or `--build-arg BUILDKIT_SYNTAX`.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "BuildKit: github.com/moby/buildkit: BuildKit: Arbitrary file write and code execution via untrusted frontend"
},
{
"cve": "CVE-2026-33748",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-27T15:02:00.107493+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452271"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in BuildKit. Insufficient validation of Git URL fragment subdirectory components may allow a remote attacker to access files outside the checked-out Git repository root. This access is limited to files on the same mounted filesystem. This vulnerability could lead to unauthorized information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/moby/buildkit: BuildKit: Unauthorized file access via Git URL fragment subdir components",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33748"
},
{
"category": "external",
"summary": "RHBZ#2452271",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452271"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33748",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33748"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33748",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33748"
},
{
"category": "external",
"summary": "https://docs.docker.com/build/concepts/context/#url-fragments",
"url": "https://docs.docker.com/build/concepts/context/#url-fragments"
},
{
"category": "external",
"summary": "https://github.com/moby/buildkit/releases/tag/v0.28.1",
"url": "https://github.com/moby/buildkit/releases/tag/v0.28.1"
},
{
"category": "external",
"summary": "https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg",
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg"
}
],
"release_date": "2026-03-27T14:00:21.200000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:29:36+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.4 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9453"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/moby/buildkit: BuildKit: Unauthorized file access via Git URL fragment subdir components"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:29:36+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.4 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9453"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1aa2834ce676ef21f5a67e3144fe62677d9bf7b57a9401d74fab7cf569da9911_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d39ae3b09ef2ee139705831bff3f9070d2590d59887a488bfdbb36b590dec13_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4f5e7e28f111429e2c9376ac5f42d717f13eea1c3a80357fe001a9caf5c25fba_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:727908a49c6edf57609ac8a75d5aab182a79530e88819ea8a1df8a9610826c02_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:284458d236e45ffa8a865917bf6253764dbe0f6602173ba3f6733b0a40c5a741_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2b6f5aa276fe5848c6f377c51be574045b04ea784374bcb54e496f2a297f02b0_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5b95c5cfc63958a16f3b30a42f16b9ff26b2f2c9f8e3c539fcec75b721edfb88_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c592a7d2b6b5997972ed7a2deda29c5e9bb03c2b28e42d1f6f57ae1639629c11_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:193b36cc5bc389b68c6e8080e1d47c3860aab22f7a4ee262c90b864967e23a97_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:31e020f606b687b82712fe32823a392ed1abcc9563845ea81fbfce616b99e6b1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7e688abcea40cae3f552b2dc5abf0da092e8a0d7a3f04f3cb5d15c5b4fb1a1f2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:8111afc971379ee93fef9ebddfccf75102309c134d25f9d6d3de46f59e809001_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3e210dcd0cab9c18bc0629a3a20b27e75bc09c09decbfcc9f6ab69f7c29670e1_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9d1e9ff2ab9a3f84328cdbe49d4263d34e9ef1ef14d689a32d87534d7631cb0d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a2904680a45ff398adce27c1cbc539bf08e7f53aa64fadf0d6db74f1296421ad_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f62ae2005f3c153975695253d786a00a1a5827b92f96328a0be425fdd4125e69_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3f1d2206dea7630015fac80f8b8c6f7a6a1e1c17e477d1d54db4690b4453e6a0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6015e887371eed1bd162363ebd16ca4f20bd8077df166b455685579e808a9292_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87953048140227569e7028187ed92cc0960bbc055d62a6755c5a1fdcf10510ec_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dfb94112b66ce7fe56a642371749bf87e979b0136652328b124cc384818ef6c3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:615f4ab167e82d54f5cd9bea15e0673293ec42bf19cfa0ccc15eb1d20b7db18a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:56140955dffe7c205dc944835637f83f04c5a82ba6f192dcfb034aa9cf800f8f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:62b18afbdedf572866fd0dca6aa9e2426608d0b1cf011acef9f9044f4fbe4711_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b244e23b80d7996138a01814de1cb9d679ce7ed4156b5521fd76efc1bb5db5_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cf5b5c9c6ba78281d0080d426f71c5b7b3e2b46db3644d153862268c0b4bf538_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
}
]
}
RHSA-2026:9461
Vulnerability from csaf_redhat - Published: 2026-04-21 17:38 - Updated: 2026-06-27 20:22Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.3.2
Severity
Important
Notes
Topic: Red Hat OpenShift Service Mesh 3.3.2
This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Service Mesh 3.3.2, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.
Fixes/Improvements:
Security Fix(es):
* istio-rhel9-operator: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
* istio-cni-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
* istio-pilot-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
* istio-proxyv2-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
Bug Fix(es):
* Ztunnel default value in operator contains older istio version (OSSM-13103)
* OSSM operator metrics reader ClusterRole conflicts with other operators (OSSM-13106)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4aa8fcf79e1ce68c7d34926263ff9ae52c29877554a4c3de93d8ac02b0988af6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:502d8f43bf950f39495738a03048c46efbe5790c6eddec7fc0e1f7d3cf016922_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:96df77ab3e0cd987687782fbcd175d491f589189e01d68fef8cfed37ae240e48_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f420d1d2f9b79a62b228035108608f0d4f7366d2d1406bd0411be658af2ea909_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0c7b68a6a861cdc41e7bb775082158c9f6ee7bddee9b74eefb20893757d987ef_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b563447995234c60a4047a1b4df572048456b5220b516f3dab1cac1acfb3625f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:cbe68a0b4b31a36221365d817f8a58372136c1f8821605435b33948e71241502_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e7ae23e4c782b7634acbbb9593cf383840094d06b651cbfc9e93faf8f9ced1e2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:654fe336492b1ffc23570610b598c93fcd37dca9892ea9156e3c57576041f87a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7111cdde23558876b6846e9a60cff6609b716d0f69b42625c6e4e94faad6554c_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a56b0d2625c0c74330619e1ad9c3eb9ffb950e7e159f1f30d1d13662174442bb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f45f7a1ddd1359010cc6dae2c03ce5ca9674c17c313470acb13094bf41bc19e9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:31ca725cb3bae79e207987ced13f766439568ddddf856c88801405d61ba51b36_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba40d26d74d69dd664c0375ae3c170e738bf1943e9e3c550b3c969cbe1ff523_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8ee83e270eb2a215aef80e6b72dac3d4417726e5f60f2f47d3fa1a0bffb12e4b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:de3bf8bcab126df742192a3ed319aa595b3022c036391134ca4149ef711fa4f8_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:03df0ef1d06c34565f90c87fb0cb05fc5fd0938df5cb696f43d8f86e065b0ac4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2e460362e4f7ffa961cb5da2b80a94c88e99d36da97e6e14c944d306b4d707f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5dd40f7513ab3dfa96f1fee418cfdc9fc4b49dfa845963494cf61b9d8997d35b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d3211fd66831bc105da8a0d004c2fc48e09d867f705e6de1ff061e935298ea7a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:7c721b3e96083fffbede7c3e313b9a2609dd620086d8c3a6c92faa06eb78306b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:14069f839fc0ee972d8711f859af831f8ad268208dad8741f0397749982ccb4c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:35692553d65a7d62c96969e109a2a987fb1ccbe863d1f74097a00816dce86e2f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:58a3cb5bc211964eae0e1139ec77d8242d01d81565dc2fba3f164abc2a64a108_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:8705c16d6828a53bd799590ddceb685f3678c6779f121a5c916aa9ecf622baf7_arm64 | — |
Workaround
|
Threats
Impact
Important
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.3.2\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.3.2, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nFixes/Improvements:\n\nSecurity Fix(es):\n\n* istio-rhel9-operator: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* istio-cni-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* istio-pilot-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* istio-proxyv2-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nBug Fix(es):\n\n* Ztunnel default value in operator contains older istio version (OSSM-13103)\n\n* OSSM operator metrics reader ClusterRole conflicts with other operators (OSSM-13106)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:9461",
"url": "https://access.redhat.com/errata/RHSA-2026:9461"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-25679",
"url": "https://access.redhat.com/security/cve/cve-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9461.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.3.2",
"tracking": {
"current_release_date": "2026-06-27T20:22:13+00:00",
"generator": {
"date": "2026-06-27T20:22:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2026:9461",
"initial_release_date": "2026-04-21T17:38:07+00:00",
"revision_history": [
{
"date": "2026-04-21T17:38:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-21T17:38:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-27T20:22:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.3",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.3::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:7c721b3e96083fffbede7c3e313b9a2609dd620086d8c3a6c92faa06eb78306b_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:7c721b3e96083fffbede7c3e313b9a2609dd620086d8c3a6c92faa06eb78306b_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:7c721b3e96083fffbede7c3e313b9a2609dd620086d8c3a6c92faa06eb78306b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3A7c721b3e96083fffbede7c3e313b9a2609dd620086d8c3a6c92faa06eb78306b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776442424"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:96df77ab3e0cd987687782fbcd175d491f589189e01d68fef8cfed37ae240e48_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:96df77ab3e0cd987687782fbcd175d491f589189e01d68fef8cfed37ae240e48_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:96df77ab3e0cd987687782fbcd175d491f589189e01d68fef8cfed37ae240e48_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A96df77ab3e0cd987687782fbcd175d491f589189e01d68fef8cfed37ae240e48?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776233000"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2e460362e4f7ffa961cb5da2b80a94c88e99d36da97e6e14c944d306b4d707f8_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2e460362e4f7ffa961cb5da2b80a94c88e99d36da97e6e14c944d306b4d707f8_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2e460362e4f7ffa961cb5da2b80a94c88e99d36da97e6e14c944d306b4d707f8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A2e460362e4f7ffa961cb5da2b80a94c88e99d36da97e6e14c944d306b4d707f8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776141540"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:31ca725cb3bae79e207987ced13f766439568ddddf856c88801405d61ba51b36_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:31ca725cb3bae79e207987ced13f766439568ddddf856c88801405d61ba51b36_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:31ca725cb3bae79e207987ced13f766439568ddddf856c88801405d61ba51b36_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A31ca725cb3bae79e207987ced13f766439568ddddf856c88801405d61ba51b36?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776419718"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b563447995234c60a4047a1b4df572048456b5220b516f3dab1cac1acfb3625f_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b563447995234c60a4047a1b4df572048456b5220b516f3dab1cac1acfb3625f_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b563447995234c60a4047a1b4df572048456b5220b516f3dab1cac1acfb3625f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Ab563447995234c60a4047a1b4df572048456b5220b516f3dab1cac1acfb3625f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776233016"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a56b0d2625c0c74330619e1ad9c3eb9ffb950e7e159f1f30d1d13662174442bb_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a56b0d2625c0c74330619e1ad9c3eb9ffb950e7e159f1f30d1d13662174442bb_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a56b0d2625c0c74330619e1ad9c3eb9ffb950e7e159f1f30d1d13662174442bb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Aa56b0d2625c0c74330619e1ad9c3eb9ffb950e7e159f1f30d1d13662174442bb?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776293296"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:58a3cb5bc211964eae0e1139ec77d8242d01d81565dc2fba3f164abc2a64a108_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:58a3cb5bc211964eae0e1139ec77d8242d01d81565dc2fba3f164abc2a64a108_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:58a3cb5bc211964eae0e1139ec77d8242d01d81565dc2fba3f164abc2a64a108_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A58a3cb5bc211964eae0e1139ec77d8242d01d81565dc2fba3f164abc2a64a108?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776232457"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f420d1d2f9b79a62b228035108608f0d4f7366d2d1406bd0411be658af2ea909_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f420d1d2f9b79a62b228035108608f0d4f7366d2d1406bd0411be658af2ea909_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f420d1d2f9b79a62b228035108608f0d4f7366d2d1406bd0411be658af2ea909_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Af420d1d2f9b79a62b228035108608f0d4f7366d2d1406bd0411be658af2ea909?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776233000"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5dd40f7513ab3dfa96f1fee418cfdc9fc4b49dfa845963494cf61b9d8997d35b_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5dd40f7513ab3dfa96f1fee418cfdc9fc4b49dfa845963494cf61b9d8997d35b_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5dd40f7513ab3dfa96f1fee418cfdc9fc4b49dfa845963494cf61b9d8997d35b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A5dd40f7513ab3dfa96f1fee418cfdc9fc4b49dfa845963494cf61b9d8997d35b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776141540"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:de3bf8bcab126df742192a3ed319aa595b3022c036391134ca4149ef711fa4f8_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:de3bf8bcab126df742192a3ed319aa595b3022c036391134ca4149ef711fa4f8_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:de3bf8bcab126df742192a3ed319aa595b3022c036391134ca4149ef711fa4f8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Ade3bf8bcab126df742192a3ed319aa595b3022c036391134ca4149ef711fa4f8?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776419718"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0c7b68a6a861cdc41e7bb775082158c9f6ee7bddee9b74eefb20893757d987ef_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0c7b68a6a861cdc41e7bb775082158c9f6ee7bddee9b74eefb20893757d987ef_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0c7b68a6a861cdc41e7bb775082158c9f6ee7bddee9b74eefb20893757d987ef_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A0c7b68a6a861cdc41e7bb775082158c9f6ee7bddee9b74eefb20893757d987ef?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776233016"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7111cdde23558876b6846e9a60cff6609b716d0f69b42625c6e4e94faad6554c_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7111cdde23558876b6846e9a60cff6609b716d0f69b42625c6e4e94faad6554c_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7111cdde23558876b6846e9a60cff6609b716d0f69b42625c6e4e94faad6554c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A7111cdde23558876b6846e9a60cff6609b716d0f69b42625c6e4e94faad6554c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776293296"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:8705c16d6828a53bd799590ddceb685f3678c6779f121a5c916aa9ecf622baf7_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:8705c16d6828a53bd799590ddceb685f3678c6779f121a5c916aa9ecf622baf7_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:8705c16d6828a53bd799590ddceb685f3678c6779f121a5c916aa9ecf622baf7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A8705c16d6828a53bd799590ddceb685f3678c6779f121a5c916aa9ecf622baf7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776232457"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4aa8fcf79e1ce68c7d34926263ff9ae52c29877554a4c3de93d8ac02b0988af6_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4aa8fcf79e1ce68c7d34926263ff9ae52c29877554a4c3de93d8ac02b0988af6_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4aa8fcf79e1ce68c7d34926263ff9ae52c29877554a4c3de93d8ac02b0988af6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A4aa8fcf79e1ce68c7d34926263ff9ae52c29877554a4c3de93d8ac02b0988af6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776233000"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d3211fd66831bc105da8a0d004c2fc48e09d867f705e6de1ff061e935298ea7a_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d3211fd66831bc105da8a0d004c2fc48e09d867f705e6de1ff061e935298ea7a_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d3211fd66831bc105da8a0d004c2fc48e09d867f705e6de1ff061e935298ea7a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Ad3211fd66831bc105da8a0d004c2fc48e09d867f705e6de1ff061e935298ea7a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776141540"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba40d26d74d69dd664c0375ae3c170e738bf1943e9e3c550b3c969cbe1ff523_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba40d26d74d69dd664c0375ae3c170e738bf1943e9e3c550b3c969cbe1ff523_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba40d26d74d69dd664c0375ae3c170e738bf1943e9e3c550b3c969cbe1ff523_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A3ba40d26d74d69dd664c0375ae3c170e738bf1943e9e3c550b3c969cbe1ff523?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776419718"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:cbe68a0b4b31a36221365d817f8a58372136c1f8821605435b33948e71241502_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:cbe68a0b4b31a36221365d817f8a58372136c1f8821605435b33948e71241502_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:cbe68a0b4b31a36221365d817f8a58372136c1f8821605435b33948e71241502_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Acbe68a0b4b31a36221365d817f8a58372136c1f8821605435b33948e71241502?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776233016"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:654fe336492b1ffc23570610b598c93fcd37dca9892ea9156e3c57576041f87a_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:654fe336492b1ffc23570610b598c93fcd37dca9892ea9156e3c57576041f87a_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:654fe336492b1ffc23570610b598c93fcd37dca9892ea9156e3c57576041f87a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A654fe336492b1ffc23570610b598c93fcd37dca9892ea9156e3c57576041f87a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776293296"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:14069f839fc0ee972d8711f859af831f8ad268208dad8741f0397749982ccb4c_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:14069f839fc0ee972d8711f859af831f8ad268208dad8741f0397749982ccb4c_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:14069f839fc0ee972d8711f859af831f8ad268208dad8741f0397749982ccb4c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A14069f839fc0ee972d8711f859af831f8ad268208dad8741f0397749982ccb4c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776232457"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:502d8f43bf950f39495738a03048c46efbe5790c6eddec7fc0e1f7d3cf016922_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:502d8f43bf950f39495738a03048c46efbe5790c6eddec7fc0e1f7d3cf016922_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:502d8f43bf950f39495738a03048c46efbe5790c6eddec7fc0e1f7d3cf016922_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A502d8f43bf950f39495738a03048c46efbe5790c6eddec7fc0e1f7d3cf016922?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776233000"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:03df0ef1d06c34565f90c87fb0cb05fc5fd0938df5cb696f43d8f86e065b0ac4_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:03df0ef1d06c34565f90c87fb0cb05fc5fd0938df5cb696f43d8f86e065b0ac4_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:03df0ef1d06c34565f90c87fb0cb05fc5fd0938df5cb696f43d8f86e065b0ac4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A03df0ef1d06c34565f90c87fb0cb05fc5fd0938df5cb696f43d8f86e065b0ac4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776141540"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8ee83e270eb2a215aef80e6b72dac3d4417726e5f60f2f47d3fa1a0bffb12e4b_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8ee83e270eb2a215aef80e6b72dac3d4417726e5f60f2f47d3fa1a0bffb12e4b_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8ee83e270eb2a215aef80e6b72dac3d4417726e5f60f2f47d3fa1a0bffb12e4b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A8ee83e270eb2a215aef80e6b72dac3d4417726e5f60f2f47d3fa1a0bffb12e4b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776419718"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e7ae23e4c782b7634acbbb9593cf383840094d06b651cbfc9e93faf8f9ced1e2_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e7ae23e4c782b7634acbbb9593cf383840094d06b651cbfc9e93faf8f9ced1e2_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e7ae23e4c782b7634acbbb9593cf383840094d06b651cbfc9e93faf8f9ced1e2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Ae7ae23e4c782b7634acbbb9593cf383840094d06b651cbfc9e93faf8f9ced1e2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776233016"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f45f7a1ddd1359010cc6dae2c03ce5ca9674c17c313470acb13094bf41bc19e9_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f45f7a1ddd1359010cc6dae2c03ce5ca9674c17c313470acb13094bf41bc19e9_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f45f7a1ddd1359010cc6dae2c03ce5ca9674c17c313470acb13094bf41bc19e9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Af45f7a1ddd1359010cc6dae2c03ce5ca9674c17c313470acb13094bf41bc19e9?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776293296"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:35692553d65a7d62c96969e109a2a987fb1ccbe863d1f74097a00816dce86e2f_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:35692553d65a7d62c96969e109a2a987fb1ccbe863d1f74097a00816dce86e2f_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:35692553d65a7d62c96969e109a2a987fb1ccbe863d1f74097a00816dce86e2f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A35692553d65a7d62c96969e109a2a987fb1ccbe863d1f74097a00816dce86e2f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1776232457"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4aa8fcf79e1ce68c7d34926263ff9ae52c29877554a4c3de93d8ac02b0988af6_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4aa8fcf79e1ce68c7d34926263ff9ae52c29877554a4c3de93d8ac02b0988af6_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4aa8fcf79e1ce68c7d34926263ff9ae52c29877554a4c3de93d8ac02b0988af6_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:502d8f43bf950f39495738a03048c46efbe5790c6eddec7fc0e1f7d3cf016922_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:502d8f43bf950f39495738a03048c46efbe5790c6eddec7fc0e1f7d3cf016922_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:502d8f43bf950f39495738a03048c46efbe5790c6eddec7fc0e1f7d3cf016922_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:96df77ab3e0cd987687782fbcd175d491f589189e01d68fef8cfed37ae240e48_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:96df77ab3e0cd987687782fbcd175d491f589189e01d68fef8cfed37ae240e48_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:96df77ab3e0cd987687782fbcd175d491f589189e01d68fef8cfed37ae240e48_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f420d1d2f9b79a62b228035108608f0d4f7366d2d1406bd0411be658af2ea909_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f420d1d2f9b79a62b228035108608f0d4f7366d2d1406bd0411be658af2ea909_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f420d1d2f9b79a62b228035108608f0d4f7366d2d1406bd0411be658af2ea909_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:03df0ef1d06c34565f90c87fb0cb05fc5fd0938df5cb696f43d8f86e065b0ac4_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:03df0ef1d06c34565f90c87fb0cb05fc5fd0938df5cb696f43d8f86e065b0ac4_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:03df0ef1d06c34565f90c87fb0cb05fc5fd0938df5cb696f43d8f86e065b0ac4_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2e460362e4f7ffa961cb5da2b80a94c88e99d36da97e6e14c944d306b4d707f8_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2e460362e4f7ffa961cb5da2b80a94c88e99d36da97e6e14c944d306b4d707f8_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2e460362e4f7ffa961cb5da2b80a94c88e99d36da97e6e14c944d306b4d707f8_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5dd40f7513ab3dfa96f1fee418cfdc9fc4b49dfa845963494cf61b9d8997d35b_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5dd40f7513ab3dfa96f1fee418cfdc9fc4b49dfa845963494cf61b9d8997d35b_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5dd40f7513ab3dfa96f1fee418cfdc9fc4b49dfa845963494cf61b9d8997d35b_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d3211fd66831bc105da8a0d004c2fc48e09d867f705e6de1ff061e935298ea7a_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d3211fd66831bc105da8a0d004c2fc48e09d867f705e6de1ff061e935298ea7a_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d3211fd66831bc105da8a0d004c2fc48e09d867f705e6de1ff061e935298ea7a_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0c7b68a6a861cdc41e7bb775082158c9f6ee7bddee9b74eefb20893757d987ef_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0c7b68a6a861cdc41e7bb775082158c9f6ee7bddee9b74eefb20893757d987ef_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0c7b68a6a861cdc41e7bb775082158c9f6ee7bddee9b74eefb20893757d987ef_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b563447995234c60a4047a1b4df572048456b5220b516f3dab1cac1acfb3625f_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b563447995234c60a4047a1b4df572048456b5220b516f3dab1cac1acfb3625f_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b563447995234c60a4047a1b4df572048456b5220b516f3dab1cac1acfb3625f_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:cbe68a0b4b31a36221365d817f8a58372136c1f8821605435b33948e71241502_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:cbe68a0b4b31a36221365d817f8a58372136c1f8821605435b33948e71241502_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:cbe68a0b4b31a36221365d817f8a58372136c1f8821605435b33948e71241502_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e7ae23e4c782b7634acbbb9593cf383840094d06b651cbfc9e93faf8f9ced1e2_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e7ae23e4c782b7634acbbb9593cf383840094d06b651cbfc9e93faf8f9ced1e2_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e7ae23e4c782b7634acbbb9593cf383840094d06b651cbfc9e93faf8f9ced1e2_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:654fe336492b1ffc23570610b598c93fcd37dca9892ea9156e3c57576041f87a_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:654fe336492b1ffc23570610b598c93fcd37dca9892ea9156e3c57576041f87a_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:654fe336492b1ffc23570610b598c93fcd37dca9892ea9156e3c57576041f87a_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7111cdde23558876b6846e9a60cff6609b716d0f69b42625c6e4e94faad6554c_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7111cdde23558876b6846e9a60cff6609b716d0f69b42625c6e4e94faad6554c_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7111cdde23558876b6846e9a60cff6609b716d0f69b42625c6e4e94faad6554c_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a56b0d2625c0c74330619e1ad9c3eb9ffb950e7e159f1f30d1d13662174442bb_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a56b0d2625c0c74330619e1ad9c3eb9ffb950e7e159f1f30d1d13662174442bb_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a56b0d2625c0c74330619e1ad9c3eb9ffb950e7e159f1f30d1d13662174442bb_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f45f7a1ddd1359010cc6dae2c03ce5ca9674c17c313470acb13094bf41bc19e9_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f45f7a1ddd1359010cc6dae2c03ce5ca9674c17c313470acb13094bf41bc19e9_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f45f7a1ddd1359010cc6dae2c03ce5ca9674c17c313470acb13094bf41bc19e9_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:31ca725cb3bae79e207987ced13f766439568ddddf856c88801405d61ba51b36_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:31ca725cb3bae79e207987ced13f766439568ddddf856c88801405d61ba51b36_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:31ca725cb3bae79e207987ced13f766439568ddddf856c88801405d61ba51b36_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba40d26d74d69dd664c0375ae3c170e738bf1943e9e3c550b3c969cbe1ff523_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba40d26d74d69dd664c0375ae3c170e738bf1943e9e3c550b3c969cbe1ff523_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba40d26d74d69dd664c0375ae3c170e738bf1943e9e3c550b3c969cbe1ff523_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8ee83e270eb2a215aef80e6b72dac3d4417726e5f60f2f47d3fa1a0bffb12e4b_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8ee83e270eb2a215aef80e6b72dac3d4417726e5f60f2f47d3fa1a0bffb12e4b_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8ee83e270eb2a215aef80e6b72dac3d4417726e5f60f2f47d3fa1a0bffb12e4b_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:de3bf8bcab126df742192a3ed319aa595b3022c036391134ca4149ef711fa4f8_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:de3bf8bcab126df742192a3ed319aa595b3022c036391134ca4149ef711fa4f8_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:de3bf8bcab126df742192a3ed319aa595b3022c036391134ca4149ef711fa4f8_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:7c721b3e96083fffbede7c3e313b9a2609dd620086d8c3a6c92faa06eb78306b_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:7c721b3e96083fffbede7c3e313b9a2609dd620086d8c3a6c92faa06eb78306b_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:7c721b3e96083fffbede7c3e313b9a2609dd620086d8c3a6c92faa06eb78306b_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:14069f839fc0ee972d8711f859af831f8ad268208dad8741f0397749982ccb4c_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:14069f839fc0ee972d8711f859af831f8ad268208dad8741f0397749982ccb4c_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:14069f839fc0ee972d8711f859af831f8ad268208dad8741f0397749982ccb4c_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:35692553d65a7d62c96969e109a2a987fb1ccbe863d1f74097a00816dce86e2f_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:35692553d65a7d62c96969e109a2a987fb1ccbe863d1f74097a00816dce86e2f_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:35692553d65a7d62c96969e109a2a987fb1ccbe863d1f74097a00816dce86e2f_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:58a3cb5bc211964eae0e1139ec77d8242d01d81565dc2fba3f164abc2a64a108_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:58a3cb5bc211964eae0e1139ec77d8242d01d81565dc2fba3f164abc2a64a108_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:58a3cb5bc211964eae0e1139ec77d8242d01d81565dc2fba3f164abc2a64a108_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:8705c16d6828a53bd799590ddceb685f3678c6779f121a5c916aa9ecf622baf7_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:8705c16d6828a53bd799590ddceb685f3678c6779f121a5c916aa9ecf622baf7_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:8705c16d6828a53bd799590ddceb685f3678c6779f121a5c916aa9ecf622baf7_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:03df0ef1d06c34565f90c87fb0cb05fc5fd0938df5cb696f43d8f86e065b0ac4_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2e460362e4f7ffa961cb5da2b80a94c88e99d36da97e6e14c944d306b4d707f8_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5dd40f7513ab3dfa96f1fee418cfdc9fc4b49dfa845963494cf61b9d8997d35b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d3211fd66831bc105da8a0d004c2fc48e09d867f705e6de1ff061e935298ea7a_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:7c721b3e96083fffbede7c3e313b9a2609dd620086d8c3a6c92faa06eb78306b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:14069f839fc0ee972d8711f859af831f8ad268208dad8741f0397749982ccb4c_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:35692553d65a7d62c96969e109a2a987fb1ccbe863d1f74097a00816dce86e2f_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:58a3cb5bc211964eae0e1139ec77d8242d01d81565dc2fba3f164abc2a64a108_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:8705c16d6828a53bd799590ddceb685f3678c6779f121a5c916aa9ecf622baf7_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4aa8fcf79e1ce68c7d34926263ff9ae52c29877554a4c3de93d8ac02b0988af6_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:502d8f43bf950f39495738a03048c46efbe5790c6eddec7fc0e1f7d3cf016922_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:96df77ab3e0cd987687782fbcd175d491f589189e01d68fef8cfed37ae240e48_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f420d1d2f9b79a62b228035108608f0d4f7366d2d1406bd0411be658af2ea909_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0c7b68a6a861cdc41e7bb775082158c9f6ee7bddee9b74eefb20893757d987ef_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b563447995234c60a4047a1b4df572048456b5220b516f3dab1cac1acfb3625f_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:cbe68a0b4b31a36221365d817f8a58372136c1f8821605435b33948e71241502_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e7ae23e4c782b7634acbbb9593cf383840094d06b651cbfc9e93faf8f9ced1e2_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:654fe336492b1ffc23570610b598c93fcd37dca9892ea9156e3c57576041f87a_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7111cdde23558876b6846e9a60cff6609b716d0f69b42625c6e4e94faad6554c_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a56b0d2625c0c74330619e1ad9c3eb9ffb950e7e159f1f30d1d13662174442bb_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f45f7a1ddd1359010cc6dae2c03ce5ca9674c17c313470acb13094bf41bc19e9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:31ca725cb3bae79e207987ced13f766439568ddddf856c88801405d61ba51b36_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba40d26d74d69dd664c0375ae3c170e738bf1943e9e3c550b3c969cbe1ff523_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8ee83e270eb2a215aef80e6b72dac3d4417726e5f60f2f47d3fa1a0bffb12e4b_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:de3bf8bcab126df742192a3ed319aa595b3022c036391134ca4149ef711fa4f8_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:03df0ef1d06c34565f90c87fb0cb05fc5fd0938df5cb696f43d8f86e065b0ac4_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2e460362e4f7ffa961cb5da2b80a94c88e99d36da97e6e14c944d306b4d707f8_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5dd40f7513ab3dfa96f1fee418cfdc9fc4b49dfa845963494cf61b9d8997d35b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d3211fd66831bc105da8a0d004c2fc48e09d867f705e6de1ff061e935298ea7a_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:7c721b3e96083fffbede7c3e313b9a2609dd620086d8c3a6c92faa06eb78306b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:14069f839fc0ee972d8711f859af831f8ad268208dad8741f0397749982ccb4c_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:35692553d65a7d62c96969e109a2a987fb1ccbe863d1f74097a00816dce86e2f_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:58a3cb5bc211964eae0e1139ec77d8242d01d81565dc2fba3f164abc2a64a108_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:8705c16d6828a53bd799590ddceb685f3678c6779f121a5c916aa9ecf622baf7_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:38:07+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.3.2 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4aa8fcf79e1ce68c7d34926263ff9ae52c29877554a4c3de93d8ac02b0988af6_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:502d8f43bf950f39495738a03048c46efbe5790c6eddec7fc0e1f7d3cf016922_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:96df77ab3e0cd987687782fbcd175d491f589189e01d68fef8cfed37ae240e48_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f420d1d2f9b79a62b228035108608f0d4f7366d2d1406bd0411be658af2ea909_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0c7b68a6a861cdc41e7bb775082158c9f6ee7bddee9b74eefb20893757d987ef_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b563447995234c60a4047a1b4df572048456b5220b516f3dab1cac1acfb3625f_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:cbe68a0b4b31a36221365d817f8a58372136c1f8821605435b33948e71241502_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e7ae23e4c782b7634acbbb9593cf383840094d06b651cbfc9e93faf8f9ced1e2_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:654fe336492b1ffc23570610b598c93fcd37dca9892ea9156e3c57576041f87a_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7111cdde23558876b6846e9a60cff6609b716d0f69b42625c6e4e94faad6554c_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a56b0d2625c0c74330619e1ad9c3eb9ffb950e7e159f1f30d1d13662174442bb_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f45f7a1ddd1359010cc6dae2c03ce5ca9674c17c313470acb13094bf41bc19e9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:31ca725cb3bae79e207987ced13f766439568ddddf856c88801405d61ba51b36_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba40d26d74d69dd664c0375ae3c170e738bf1943e9e3c550b3c969cbe1ff523_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8ee83e270eb2a215aef80e6b72dac3d4417726e5f60f2f47d3fa1a0bffb12e4b_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:de3bf8bcab126df742192a3ed319aa595b3022c036391134ca4149ef711fa4f8_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9461"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4aa8fcf79e1ce68c7d34926263ff9ae52c29877554a4c3de93d8ac02b0988af6_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:502d8f43bf950f39495738a03048c46efbe5790c6eddec7fc0e1f7d3cf016922_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:96df77ab3e0cd987687782fbcd175d491f589189e01d68fef8cfed37ae240e48_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f420d1d2f9b79a62b228035108608f0d4f7366d2d1406bd0411be658af2ea909_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:03df0ef1d06c34565f90c87fb0cb05fc5fd0938df5cb696f43d8f86e065b0ac4_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2e460362e4f7ffa961cb5da2b80a94c88e99d36da97e6e14c944d306b4d707f8_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5dd40f7513ab3dfa96f1fee418cfdc9fc4b49dfa845963494cf61b9d8997d35b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d3211fd66831bc105da8a0d004c2fc48e09d867f705e6de1ff061e935298ea7a_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0c7b68a6a861cdc41e7bb775082158c9f6ee7bddee9b74eefb20893757d987ef_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b563447995234c60a4047a1b4df572048456b5220b516f3dab1cac1acfb3625f_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:cbe68a0b4b31a36221365d817f8a58372136c1f8821605435b33948e71241502_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e7ae23e4c782b7634acbbb9593cf383840094d06b651cbfc9e93faf8f9ced1e2_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:654fe336492b1ffc23570610b598c93fcd37dca9892ea9156e3c57576041f87a_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7111cdde23558876b6846e9a60cff6609b716d0f69b42625c6e4e94faad6554c_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a56b0d2625c0c74330619e1ad9c3eb9ffb950e7e159f1f30d1d13662174442bb_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f45f7a1ddd1359010cc6dae2c03ce5ca9674c17c313470acb13094bf41bc19e9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:31ca725cb3bae79e207987ced13f766439568ddddf856c88801405d61ba51b36_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba40d26d74d69dd664c0375ae3c170e738bf1943e9e3c550b3c969cbe1ff523_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8ee83e270eb2a215aef80e6b72dac3d4417726e5f60f2f47d3fa1a0bffb12e4b_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:de3bf8bcab126df742192a3ed319aa595b3022c036391134ca4149ef711fa4f8_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:7c721b3e96083fffbede7c3e313b9a2609dd620086d8c3a6c92faa06eb78306b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:14069f839fc0ee972d8711f859af831f8ad268208dad8741f0397749982ccb4c_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:35692553d65a7d62c96969e109a2a987fb1ccbe863d1f74097a00816dce86e2f_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:58a3cb5bc211964eae0e1139ec77d8242d01d81565dc2fba3f164abc2a64a108_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:8705c16d6828a53bd799590ddceb685f3678c6779f121a5c916aa9ecf622baf7_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4aa8fcf79e1ce68c7d34926263ff9ae52c29877554a4c3de93d8ac02b0988af6_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:502d8f43bf950f39495738a03048c46efbe5790c6eddec7fc0e1f7d3cf016922_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:96df77ab3e0cd987687782fbcd175d491f589189e01d68fef8cfed37ae240e48_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f420d1d2f9b79a62b228035108608f0d4f7366d2d1406bd0411be658af2ea909_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:03df0ef1d06c34565f90c87fb0cb05fc5fd0938df5cb696f43d8f86e065b0ac4_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2e460362e4f7ffa961cb5da2b80a94c88e99d36da97e6e14c944d306b4d707f8_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5dd40f7513ab3dfa96f1fee418cfdc9fc4b49dfa845963494cf61b9d8997d35b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d3211fd66831bc105da8a0d004c2fc48e09d867f705e6de1ff061e935298ea7a_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0c7b68a6a861cdc41e7bb775082158c9f6ee7bddee9b74eefb20893757d987ef_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b563447995234c60a4047a1b4df572048456b5220b516f3dab1cac1acfb3625f_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:cbe68a0b4b31a36221365d817f8a58372136c1f8821605435b33948e71241502_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e7ae23e4c782b7634acbbb9593cf383840094d06b651cbfc9e93faf8f9ced1e2_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:654fe336492b1ffc23570610b598c93fcd37dca9892ea9156e3c57576041f87a_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7111cdde23558876b6846e9a60cff6609b716d0f69b42625c6e4e94faad6554c_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a56b0d2625c0c74330619e1ad9c3eb9ffb950e7e159f1f30d1d13662174442bb_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f45f7a1ddd1359010cc6dae2c03ce5ca9674c17c313470acb13094bf41bc19e9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:31ca725cb3bae79e207987ced13f766439568ddddf856c88801405d61ba51b36_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba40d26d74d69dd664c0375ae3c170e738bf1943e9e3c550b3c969cbe1ff523_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8ee83e270eb2a215aef80e6b72dac3d4417726e5f60f2f47d3fa1a0bffb12e4b_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:de3bf8bcab126df742192a3ed319aa595b3022c036391134ca4149ef711fa4f8_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:7c721b3e96083fffbede7c3e313b9a2609dd620086d8c3a6c92faa06eb78306b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:14069f839fc0ee972d8711f859af831f8ad268208dad8741f0397749982ccb4c_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:35692553d65a7d62c96969e109a2a987fb1ccbe863d1f74097a00816dce86e2f_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:58a3cb5bc211964eae0e1139ec77d8242d01d81565dc2fba3f164abc2a64a108_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:8705c16d6828a53bd799590ddceb685f3678c6779f121a5c916aa9ecf622baf7_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
}
]
}
RHSA-2026:9695
Vulnerability from csaf_redhat - Published: 2026-04-22 11:44 - Updated: 2026-06-27 19:45Summary
Red Hat Security Advisory: rhc security update
Severity
Important
Notes
Topic: An update for rhc is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.
Security Fix(es):
* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el8_8.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el8_8.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:rhc-1:0.2.2-1.el8_8.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:rhc-1:0.2.2-1.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rhc is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.\n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:9695",
"url": "https://access.redhat.com/errata/RHSA-2026:9695"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9695.json"
}
],
"title": "Red Hat Security Advisory: rhc security update",
"tracking": {
"current_release_date": "2026-06-27T19:45:29+00:00",
"generator": {
"date": "2026-06-27T19:45:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2026:9695",
"initial_release_date": "2026-04-22T11:44:28+00:00",
"revision_history": [
{
"date": "2026-04-22T11:44:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-22T11:44:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-27T19:45:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.2-1.el8_8.2.src",
"product": {
"name": "rhc-1:0.2.2-1.el8_8.2.src",
"product_id": "rhc-1:0.2.2-1.el8_8.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.2-1.el8_8.2?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.2-1.el8_8.2.ppc64le",
"product": {
"name": "rhc-1:0.2.2-1.el8_8.2.ppc64le",
"product_id": "rhc-1:0.2.2-1.el8_8.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.2-1.el8_8.2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.2.2-1.el8_8.2.ppc64le",
"product": {
"name": "rhc-debugsource-1:0.2.2-1.el8_8.2.ppc64le",
"product_id": "rhc-debugsource-1:0.2.2-1.el8_8.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.2-1.el8_8.2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.2.2-1.el8_8.2.ppc64le",
"product": {
"name": "rhc-debuginfo-1:0.2.2-1.el8_8.2.ppc64le",
"product_id": "rhc-debuginfo-1:0.2.2-1.el8_8.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.2-1.el8_8.2?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.2-1.el8_8.2.x86_64",
"product": {
"name": "rhc-1:0.2.2-1.el8_8.2.x86_64",
"product_id": "rhc-1:0.2.2-1.el8_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.2-1.el8_8.2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64",
"product": {
"name": "rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64",
"product_id": "rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.2-1.el8_8.2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64",
"product": {
"name": "rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64",
"product_id": "rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.2-1.el8_8.2?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.2-1.el8_8.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.ppc64le"
},
"product_reference": "rhc-1:0.2.2-1.el8_8.2.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.2-1.el8_8.2.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.src"
},
"product_reference": "rhc-1:0.2.2-1.el8_8.2.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.2-1.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.x86_64"
},
"product_reference": "rhc-1:0.2.2-1.el8_8.2.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.2-1.el8_8.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el8_8.2.ppc64le"
},
"product_reference": "rhc-debuginfo-1:0.2.2-1.el8_8.2.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64"
},
"product_reference": "rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.2-1.el8_8.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el8_8.2.ppc64le"
},
"product_reference": "rhc-debugsource-1:0.2.2-1.el8_8.2.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64"
},
"product_reference": "rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.2-1.el8_8.2.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:rhc-1:0.2.2-1.el8_8.2.src"
},
"product_reference": "rhc-1:0.2.2-1.el8_8.2.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.2-1.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:rhc-1:0.2.2-1.el8_8.2.x86_64"
},
"product_reference": "rhc-1:0.2.2-1.el8_8.2.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64"
},
"product_reference": "rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64"
},
"product_reference": "rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.ppc64le",
"AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.src",
"AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.x86_64",
"AppStream-8.8.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el8_8.2.ppc64le",
"AppStream-8.8.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64",
"AppStream-8.8.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el8_8.2.ppc64le",
"AppStream-8.8.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64",
"AppStream-8.8.0.Z.TUS:rhc-1:0.2.2-1.el8_8.2.src",
"AppStream-8.8.0.Z.TUS:rhc-1:0.2.2-1.el8_8.2.x86_64",
"AppStream-8.8.0.Z.TUS:rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64",
"AppStream-8.8.0.Z.TUS:rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T11:44:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.ppc64le",
"AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.src",
"AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.x86_64",
"AppStream-8.8.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el8_8.2.ppc64le",
"AppStream-8.8.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64",
"AppStream-8.8.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el8_8.2.ppc64le",
"AppStream-8.8.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64",
"AppStream-8.8.0.Z.TUS:rhc-1:0.2.2-1.el8_8.2.src",
"AppStream-8.8.0.Z.TUS:rhc-1:0.2.2-1.el8_8.2.x86_64",
"AppStream-8.8.0.Z.TUS:rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64",
"AppStream-8.8.0.Z.TUS:rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9695"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.ppc64le",
"AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.src",
"AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.x86_64",
"AppStream-8.8.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el8_8.2.ppc64le",
"AppStream-8.8.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64",
"AppStream-8.8.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el8_8.2.ppc64le",
"AppStream-8.8.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64",
"AppStream-8.8.0.Z.TUS:rhc-1:0.2.2-1.el8_8.2.src",
"AppStream-8.8.0.Z.TUS:rhc-1:0.2.2-1.el8_8.2.x86_64",
"AppStream-8.8.0.Z.TUS:rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64",
"AppStream-8.8.0.Z.TUS:rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.ppc64le",
"AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.src",
"AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.x86_64",
"AppStream-8.8.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el8_8.2.ppc64le",
"AppStream-8.8.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64",
"AppStream-8.8.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el8_8.2.ppc64le",
"AppStream-8.8.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64",
"AppStream-8.8.0.Z.TUS:rhc-1:0.2.2-1.el8_8.2.src",
"AppStream-8.8.0.Z.TUS:rhc-1:0.2.2-1.el8_8.2.x86_64",
"AppStream-8.8.0.Z.TUS:rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64",
"AppStream-8.8.0.Z.TUS:rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…