Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-27628 (GCVE-0-2026-27628)
Vulnerability from cvelistv5 – Published: 2026-02-25 02:45 – Updated: 2026-02-27 19:49
VLAI?
EPSS
Title
pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams
Summary
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually.
Severity ?
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27628",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T15:58:27.836793Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T15:58:33.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/py-pdf/pypdf/issues/3654"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.7.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 1.2,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T19:49:02.019Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35"
},
{
"name": "https://github.com/py-pdf/pypdf/issues/3654",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/issues/3654"
},
{
"name": "https://github.com/py-pdf/pypdf/commit/f0a462d36971cf077d74492a348d0d06fd60ea4d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/commit/f0a462d36971cf077d74492a348d0d06fd60ea4d"
}
],
"source": {
"advisory": "GHSA-2rw7-x74f-jg35",
"discovery": "UNKNOWN"
},
"title": "pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27628",
"datePublished": "2026-02-25T02:45:37.543Z",
"dateReserved": "2026-02-20T22:02:30.027Z",
"dateUpdated": "2026-02-27T19:49:02.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-27628\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-02-25T03:16:06.513\",\"lastModified\":\"2026-02-27T20:21:38.617\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":1.2,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"ACTIVE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"UNREPORTED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-835\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pypdf_project:pypdf:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.7.2\",\"matchCriteriaId\":\"C05E3F8F-273E-4DA4-BD19-4AAAF4E6BED9\"}]}]}],\"references\":[{\"url\":\"https://github.com/py-pdf/pypdf/commit/f0a462d36971cf077d74492a348d0d06fd60ea4d\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/py-pdf/pypdf/issues/3654\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/py-pdf/pypdf/issues/3654\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Issue Tracking\",\"Patch\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-27628\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-25T15:58:27.836793Z\"}}}], \"references\": [{\"url\": \"https://github.com/py-pdf/pypdf/issues/3654\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-25T15:58:18.196Z\"}}], \"cna\": {\"title\": \"pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams\", \"source\": {\"advisory\": \"GHSA-2rw7-x74f-jg35\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 1.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U\", \"userInteraction\": \"ACTIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"py-pdf\", \"product\": \"pypdf\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 6.7.2\"}]}], \"references\": [{\"url\": \"https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35\", \"name\": \"https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/py-pdf/pypdf/issues/3654\", \"name\": \"https://github.com/py-pdf/pypdf/issues/3654\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/py-pdf/pypdf/commit/f0a462d36971cf077d74492a348d0d06fd60ea4d\", \"name\": \"https://github.com/py-pdf/pypdf/commit/f0a462d36971cf077d74492a348d0d06fd60ea4d\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-835\", \"description\": \"CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-02-27T19:49:02.019Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-27628\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-27T19:49:02.019Z\", \"dateReserved\": \"2026-02-20T22:02:30.027Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-02-25T02:45:37.543Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
OPENSUSE-SU-2026:10284-1
Vulnerability from csaf_opensuse - Published: 2026-03-04 00:00 - Updated: 2026-03-04 00:00Summary
python311-PyPDF2-2.11.1-5.1 on GA media
Severity
Moderate
Notes
Title of the patch: python311-PyPDF2-2.11.1-5.1 on GA media
Description of the patch: These are all security issues fixed in the python311-PyPDF2-2.11.1-5.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10284
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python311-PyPDF2-2.11.1-5.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python311-PyPDF2-2.11.1-5.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10284",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10284-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27628 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27628/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27888 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27888/"
}
],
"title": "python311-PyPDF2-2.11.1-5.1 on GA media",
"tracking": {
"current_release_date": "2026-03-04T00:00:00Z",
"generator": {
"date": "2026-03-04T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10284-1",
"initial_release_date": "2026-03-04T00:00:00Z",
"revision_history": [
{
"date": "2026-03-04T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-PyPDF2-2.11.1-5.1.aarch64",
"product": {
"name": "python311-PyPDF2-2.11.1-5.1.aarch64",
"product_id": "python311-PyPDF2-2.11.1-5.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-PyPDF2-2.11.1-5.1.aarch64",
"product": {
"name": "python313-PyPDF2-2.11.1-5.1.aarch64",
"product_id": "python313-PyPDF2-2.11.1-5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-PyPDF2-2.11.1-5.1.ppc64le",
"product": {
"name": "python311-PyPDF2-2.11.1-5.1.ppc64le",
"product_id": "python311-PyPDF2-2.11.1-5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-PyPDF2-2.11.1-5.1.ppc64le",
"product": {
"name": "python313-PyPDF2-2.11.1-5.1.ppc64le",
"product_id": "python313-PyPDF2-2.11.1-5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-PyPDF2-2.11.1-5.1.s390x",
"product": {
"name": "python311-PyPDF2-2.11.1-5.1.s390x",
"product_id": "python311-PyPDF2-2.11.1-5.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-PyPDF2-2.11.1-5.1.s390x",
"product": {
"name": "python313-PyPDF2-2.11.1-5.1.s390x",
"product_id": "python313-PyPDF2-2.11.1-5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-PyPDF2-2.11.1-5.1.x86_64",
"product": {
"name": "python311-PyPDF2-2.11.1-5.1.x86_64",
"product_id": "python311-PyPDF2-2.11.1-5.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-PyPDF2-2.11.1-5.1.x86_64",
"product": {
"name": "python313-PyPDF2-2.11.1-5.1.x86_64",
"product_id": "python313-PyPDF2-2.11.1-5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-PyPDF2-2.11.1-5.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-PyPDF2-2.11.1-5.1.aarch64"
},
"product_reference": "python311-PyPDF2-2.11.1-5.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-PyPDF2-2.11.1-5.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-PyPDF2-2.11.1-5.1.ppc64le"
},
"product_reference": "python311-PyPDF2-2.11.1-5.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-PyPDF2-2.11.1-5.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-PyPDF2-2.11.1-5.1.s390x"
},
"product_reference": "python311-PyPDF2-2.11.1-5.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-PyPDF2-2.11.1-5.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-PyPDF2-2.11.1-5.1.x86_64"
},
"product_reference": "python311-PyPDF2-2.11.1-5.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-PyPDF2-2.11.1-5.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-PyPDF2-2.11.1-5.1.aarch64"
},
"product_reference": "python313-PyPDF2-2.11.1-5.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-PyPDF2-2.11.1-5.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-PyPDF2-2.11.1-5.1.ppc64le"
},
"product_reference": "python313-PyPDF2-2.11.1-5.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-PyPDF2-2.11.1-5.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-PyPDF2-2.11.1-5.1.s390x"
},
"product_reference": "python313-PyPDF2-2.11.1-5.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-PyPDF2-2.11.1-5.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-PyPDF2-2.11.1-5.1.x86_64"
},
"product_reference": "python313-PyPDF2-2.11.1-5.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27628",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27628"
}
],
"notes": [
{
"category": "general",
"text": "pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python311-PyPDF2-2.11.1-5.1.aarch64",
"openSUSE Tumbleweed:python311-PyPDF2-2.11.1-5.1.ppc64le",
"openSUSE Tumbleweed:python311-PyPDF2-2.11.1-5.1.s390x",
"openSUSE Tumbleweed:python311-PyPDF2-2.11.1-5.1.x86_64",
"openSUSE Tumbleweed:python313-PyPDF2-2.11.1-5.1.aarch64",
"openSUSE Tumbleweed:python313-PyPDF2-2.11.1-5.1.ppc64le",
"openSUSE Tumbleweed:python313-PyPDF2-2.11.1-5.1.s390x",
"openSUSE Tumbleweed:python313-PyPDF2-2.11.1-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27628",
"url": "https://www.suse.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "SUSE Bug 1258940 for CVE-2026-27628",
"url": "https://bugzilla.suse.com/1258940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python311-PyPDF2-2.11.1-5.1.aarch64",
"openSUSE Tumbleweed:python311-PyPDF2-2.11.1-5.1.ppc64le",
"openSUSE Tumbleweed:python311-PyPDF2-2.11.1-5.1.s390x",
"openSUSE Tumbleweed:python311-PyPDF2-2.11.1-5.1.x86_64",
"openSUSE Tumbleweed:python313-PyPDF2-2.11.1-5.1.aarch64",
"openSUSE Tumbleweed:python313-PyPDF2-2.11.1-5.1.ppc64le",
"openSUSE Tumbleweed:python313-PyPDF2-2.11.1-5.1.s390x",
"openSUSE Tumbleweed:python313-PyPDF2-2.11.1-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python311-PyPDF2-2.11.1-5.1.aarch64",
"openSUSE Tumbleweed:python311-PyPDF2-2.11.1-5.1.ppc64le",
"openSUSE Tumbleweed:python311-PyPDF2-2.11.1-5.1.s390x",
"openSUSE Tumbleweed:python311-PyPDF2-2.11.1-5.1.x86_64",
"openSUSE Tumbleweed:python313-PyPDF2-2.11.1-5.1.aarch64",
"openSUSE Tumbleweed:python313-PyPDF2-2.11.1-5.1.ppc64le",
"openSUSE Tumbleweed:python313-PyPDF2-2.11.1-5.1.s390x",
"openSUSE Tumbleweed:python313-PyPDF2-2.11.1-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-04T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-27628"
},
{
"cve": "CVE-2026-27888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27888"
}
],
"notes": [
{
"category": "general",
"text": "pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the `xfa` property of a reader or writer and the corresponding stream being compressed using `/FlateDecode`. This has been fixed in pypdf 6.7.3. As a workaround, apply the patch manually.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python311-PyPDF2-2.11.1-5.1.aarch64",
"openSUSE Tumbleweed:python311-PyPDF2-2.11.1-5.1.ppc64le",
"openSUSE Tumbleweed:python311-PyPDF2-2.11.1-5.1.s390x",
"openSUSE Tumbleweed:python311-PyPDF2-2.11.1-5.1.x86_64",
"openSUSE Tumbleweed:python313-PyPDF2-2.11.1-5.1.aarch64",
"openSUSE Tumbleweed:python313-PyPDF2-2.11.1-5.1.ppc64le",
"openSUSE Tumbleweed:python313-PyPDF2-2.11.1-5.1.s390x",
"openSUSE Tumbleweed:python313-PyPDF2-2.11.1-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27888",
"url": "https://www.suse.com/security/cve/CVE-2026-27888"
},
{
"category": "external",
"summary": "SUSE Bug 1258934 for CVE-2026-27888",
"url": "https://bugzilla.suse.com/1258934"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python311-PyPDF2-2.11.1-5.1.aarch64",
"openSUSE Tumbleweed:python311-PyPDF2-2.11.1-5.1.ppc64le",
"openSUSE Tumbleweed:python311-PyPDF2-2.11.1-5.1.s390x",
"openSUSE Tumbleweed:python311-PyPDF2-2.11.1-5.1.x86_64",
"openSUSE Tumbleweed:python313-PyPDF2-2.11.1-5.1.aarch64",
"openSUSE Tumbleweed:python313-PyPDF2-2.11.1-5.1.ppc64le",
"openSUSE Tumbleweed:python313-PyPDF2-2.11.1-5.1.s390x",
"openSUSE Tumbleweed:python313-PyPDF2-2.11.1-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python311-PyPDF2-2.11.1-5.1.aarch64",
"openSUSE Tumbleweed:python311-PyPDF2-2.11.1-5.1.ppc64le",
"openSUSE Tumbleweed:python311-PyPDF2-2.11.1-5.1.s390x",
"openSUSE Tumbleweed:python311-PyPDF2-2.11.1-5.1.x86_64",
"openSUSE Tumbleweed:python313-PyPDF2-2.11.1-5.1.aarch64",
"openSUSE Tumbleweed:python313-PyPDF2-2.11.1-5.1.ppc64le",
"openSUSE Tumbleweed:python313-PyPDF2-2.11.1-5.1.s390x",
"openSUSE Tumbleweed:python313-PyPDF2-2.11.1-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-27888"
}
]
}
OPENSUSE-SU-2026:20333-1
Vulnerability from csaf_opensuse - Published: 2026-03-06 21:01 - Updated: 2026-03-06 21:01Summary
Security update for python-PyPDF2
Severity
Important
Notes
Title of the patch: Security update for python-PyPDF2
Description of the patch: This update for python-PyPDF2 fixes the following issues:
Changes in python-PyPDF2:
- CVE-2026-27628: Fixed infinite loop when loading circular /Prev entries in cross-reference streams (bsc#1258940)
- CVE-2026-27888: Fixed issue where manipulated FlateDecode XFA streams can exhaust RAM (bsc#1258934)
- CVE-2025-55197: Fixed denial of service via craft PDF (bsc#1248089)
- CVE-2026-27024: Fixed infinite loop when processing TreeObject (bsc#1258691)
- CVE-2026-27025: Fixed long runtimes/large memory usage for large /ToUnicode streams (bsc#1258692)
- CVE-2026-27026: Fixed long runtimes for malformed FlateDecode streams (bsc#1258693)
- Convert to pip-based build
Patchnames: openSUSE-Leap-16.0-packagehub-153
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-PyPDF2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-PyPDF2 fixes the following issues:\n\nChanges in python-PyPDF2:\n\n- CVE-2026-27628: Fixed infinite loop when loading circular /Prev entries in cross-reference streams (bsc#1258940)\n- CVE-2026-27888: Fixed issue where manipulated FlateDecode XFA streams can exhaust RAM (bsc#1258934)\n- CVE-2025-55197: Fixed denial of service via craft PDF (bsc#1248089)\n- CVE-2026-27024: Fixed infinite loop when processing TreeObject (bsc#1258691)\n- CVE-2026-27025: Fixed long runtimes/large memory usage for large /ToUnicode streams (bsc#1258692)\n- CVE-2026-27026: Fixed long runtimes for malformed FlateDecode streams (bsc#1258693)\n\n- Convert to pip-based build\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-packagehub-153",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20333-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1248089",
"url": "https://bugzilla.suse.com/1248089"
},
{
"category": "self",
"summary": "SUSE Bug 1258691",
"url": "https://bugzilla.suse.com/1258691"
},
{
"category": "self",
"summary": "SUSE Bug 1258692",
"url": "https://bugzilla.suse.com/1258692"
},
{
"category": "self",
"summary": "SUSE Bug 1258693",
"url": "https://bugzilla.suse.com/1258693"
},
{
"category": "self",
"summary": "SUSE Bug 1258934",
"url": "https://bugzilla.suse.com/1258934"
},
{
"category": "self",
"summary": "SUSE Bug 1258940",
"url": "https://bugzilla.suse.com/1258940"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55197 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27024 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27024/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27025 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27025/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27026 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27026/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27628 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27628/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27888 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27888/"
}
],
"title": "Security update for python-PyPDF2",
"tracking": {
"current_release_date": "2026-03-06T21:01:39Z",
"generator": {
"date": "2026-03-06T21:01:39Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20333-1",
"initial_release_date": "2026-03-06T21:01:39Z",
"revision_history": [
{
"date": "2026-03-06T21:01:39Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python313-PyPDF2-2.11.1-bp160.2.1.noarch",
"product": {
"name": "python313-PyPDF2-2.11.1-bp160.2.1.noarch",
"product_id": "python313-PyPDF2-2.11.1-bp160.2.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-PyPDF2-2.11.1-bp160.2.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:python313-PyPDF2-2.11.1-bp160.2.1.noarch"
},
"product_reference": "python313-PyPDF2-2.11.1-bp160.2.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55197"
}
],
"notes": [
{
"category": "general",
"text": "pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are affected on explicit access. This issue has been fixed in 6.0.0. If an update is not possible, a workaround involves including the fixed code from pypdf.filters.decompress into the existing filters file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:python313-PyPDF2-2.11.1-bp160.2.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55197",
"url": "https://www.suse.com/security/cve/CVE-2025-55197"
},
{
"category": "external",
"summary": "SUSE Bug 1248089 for CVE-2025-55197",
"url": "https://bugzilla.suse.com/1248089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:python313-PyPDF2-2.11.1-bp160.2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:python313-PyPDF2-2.11.1-bp160.2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-06T21:01:39Z",
"details": "important"
}
],
"title": "CVE-2025-55197"
},
{
"cve": "CVE-2026-27024",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27024"
}
],
"notes": [
{
"category": "general",
"text": "pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the children of a TreeObject, for example as part of outlines. This vulnerability is fixed in 6.7.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:python313-PyPDF2-2.11.1-bp160.2.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27024",
"url": "https://www.suse.com/security/cve/CVE-2026-27024"
},
{
"category": "external",
"summary": "SUSE Bug 1258691 for CVE-2026-27024",
"url": "https://bugzilla.suse.com/1258691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:python313-PyPDF2-2.11.1-bp160.2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:python313-PyPDF2-2.11.1-bp160.2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-06T21:01:39Z",
"details": "moderate"
}
],
"title": "CVE-2026-27024"
},
{
"cve": "CVE-2026-27025",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27025"
}
],
"notes": [
{
"category": "general",
"text": "pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text extraction. This vulnerability is fixed in 6.7.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:python313-PyPDF2-2.11.1-bp160.2.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27025",
"url": "https://www.suse.com/security/cve/CVE-2026-27025"
},
{
"category": "external",
"summary": "SUSE Bug 1258692 for CVE-2026-27025",
"url": "https://bugzilla.suse.com/1258692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:python313-PyPDF2-2.11.1-bp160.2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:python313-PyPDF2-2.11.1-bp160.2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-06T21:01:39Z",
"details": "moderate"
}
],
"title": "CVE-2026-27025"
},
{
"cve": "CVE-2026-27026",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27026"
}
],
"notes": [
{
"category": "general",
"text": "pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. This vulnerability is fixed in 6.7.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:python313-PyPDF2-2.11.1-bp160.2.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27026",
"url": "https://www.suse.com/security/cve/CVE-2026-27026"
},
{
"category": "external",
"summary": "SUSE Bug 1258693 for CVE-2026-27026",
"url": "https://bugzilla.suse.com/1258693"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:python313-PyPDF2-2.11.1-bp160.2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:python313-PyPDF2-2.11.1-bp160.2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-06T21:01:39Z",
"details": "moderate"
}
],
"title": "CVE-2026-27026"
},
{
"cve": "CVE-2026-27628",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27628"
}
],
"notes": [
{
"category": "general",
"text": "pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:python313-PyPDF2-2.11.1-bp160.2.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27628",
"url": "https://www.suse.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "SUSE Bug 1258940 for CVE-2026-27628",
"url": "https://bugzilla.suse.com/1258940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:python313-PyPDF2-2.11.1-bp160.2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:python313-PyPDF2-2.11.1-bp160.2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-06T21:01:39Z",
"details": "important"
}
],
"title": "CVE-2026-27628"
},
{
"cve": "CVE-2026-27888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27888"
}
],
"notes": [
{
"category": "general",
"text": "pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the `xfa` property of a reader or writer and the corresponding stream being compressed using `/FlateDecode`. This has been fixed in pypdf 6.7.3. As a workaround, apply the patch manually.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:python313-PyPDF2-2.11.1-bp160.2.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27888",
"url": "https://www.suse.com/security/cve/CVE-2026-27888"
},
{
"category": "external",
"summary": "SUSE Bug 1258934 for CVE-2026-27888",
"url": "https://bugzilla.suse.com/1258934"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:python313-PyPDF2-2.11.1-bp160.2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:python313-PyPDF2-2.11.1-bp160.2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-06T21:01:39Z",
"details": "moderate"
}
],
"title": "CVE-2026-27888"
}
]
}
RHSA-2026:5168
Vulnerability from csaf_redhat - Published: 2026-03-19 19:18 - Updated: 2026-03-22 10:11Summary
Red Hat Security Advisory: Red Hat Quay 3.9.19
Severity
Important
Notes
Topic: Red Hat Quay 3.9.19 is now available with bug fixes.
Details: Quay 3.9.19
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
Workaround
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
7.4 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
Workaround
To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.
A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.
7.3 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this.
7.4 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a "none" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.
9.1 (Critical)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.9.19 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.9.19",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5168",
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69873",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25990",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26007",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26996",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27628",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27904",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28802",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5168.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.9.19",
"tracking": {
"current_release_date": "2026-03-22T10:11:40+00:00",
"generator": {
"date": "2026-03-22T10:11:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:5168",
"initial_release_date": "2026-03-19T19:18:06+00:00",
"revision_history": [
{
"date": "2026-03-19T19:18:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-19T19:18:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-22T10:11:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.9",
"product": {
"name": "Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.9::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931764"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ad97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931180"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931771"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931200"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772739181"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Acb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772728539"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772725093"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773939659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Af5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931187"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Add567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773936323"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931180"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Ace8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931200"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1772728539"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ae16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1772725093"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931187"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773936323"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931180"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Aca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931200"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1772728539"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1772725093"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Aa6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931187"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ad64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773936323"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: Unexpected session resumption in crypto/tls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: Unexpected session resumption in crypto/tls"
},
{
"cve": "CVE-2025-69873",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-11T19:01:32.953264+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ajv: ReDoS via $data reference",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, the $data option must be enabled and the attacker needs to be able to send a payload with a specially crafted regular expression to the application processing the input. A 31-character payload causes approximately 44 seconds of execution, with each additional character doubling the execution time. Therefore, even a small payload can cause an application to become unresponsive and eventually result in a denial of service. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "RHBZ#2439070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md",
"url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
}
],
"release_date": "2026-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ajv: ReDoS via $data reference"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-25990",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-02-11T21:05:39.535631+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439170"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "RHBZ#2439170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439170"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa",
"url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
}
],
"release_date": "2026-02-11T20:53:52.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image"
},
{
"cve": "CVE-2026-26007",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2026-02-10T22:01:01.036116+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438762"
}
],
"notes": [
{
"category": "description",
"text": "A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor \u003e 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it\u0027s easy to forge signatures on the small subgroup. Only SECT curves are impacted by this.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "RHBZ#2438762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438762"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c",
"url": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2"
}
],
"release_date": "2026-02-10T21:42:56.471000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
},
{
"cve": "CVE-2026-27628",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-02-25T04:02:09.864561+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442543"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to supply a crafted PDF file to be processed by an application using the pypdf library. This issue can cause the application to enter an infinite loop and consume a high amount of CPU resources, eventually resulting in a denial of service with no other security impact. Due to these reasons, this vulnerability has been rated with a moderate impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "RHBZ#2442543",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442543"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27628"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f",
"url": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/issues/3654",
"url": "https://github.com/py-pdf/pypdf/issues/3654"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35",
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35"
}
],
"release_date": "2026-02-25T02:45:37.543000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams"
},
{
"cve": "CVE-2026-27904",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-26T02:01:23.004531+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442922"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "RHBZ#2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"
}
],
"release_date": "2026-02-26T01:07:42.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
},
{
"cve": "CVE-2026-28802",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-06T07:01:49.366979+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445120"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a \"none\" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "RHBZ#2445120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28802"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75",
"url": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7",
"url": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg"
}
],
"release_date": "2026-03-06T06:44:26.402000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access"
}
]
}
RHSA-2026:4942
Vulnerability from csaf_redhat - Published: 2026-03-18 16:21 - Updated: 2026-03-22 10:11Summary
Red Hat Security Advisory: Red Hat Quay 3.12.15
Severity
Critical
Notes
Topic: Red Hat Quay 3.12.15 is now available with bug fixes.
Details: Quay 3.12.15
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:4942
Workaround
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:4942
Workaround
To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:4942
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
7.4 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:4942
A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.
7.1 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:4942
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:4942
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.
7.3 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:4942
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:4942
A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:4942
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:4942
A flaw was found in Authlib, a Python library used for creating secure authentication and authorization systems. This vulnerability, known as JWK (JSON Web Key) Header Injection, affects how Authlib verifies digital signatures in JWS (JSON Web Signature) tokens. An attacker can exploit this by creating a specially crafted token that includes their own cryptographic key in the header. When the system attempts to verify this token without a predefined key, it mistakenly uses the attacker's key, allowing them to bypass authentication and gain unauthorized access.
9.1 (Critical)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:4942
A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a "none" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.
9.1 (Critical)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:4942
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.12.15 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.12.15",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:4942",
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24049",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25990",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26996",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27628",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27904",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27962",
"url": "https://access.redhat.com/security/cve/CVE-2026-27962"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28802",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4942.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.12.15",
"tracking": {
"current_release_date": "2026-03-22T10:11:31+00:00",
"generator": {
"date": "2026-03-22T10:11:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:4942",
"initial_release_date": "2026-03-18T16:21:15+00:00",
"revision_history": [
{
"date": "2026-03-18T16:21:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-18T16:21:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-22T10:11:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.12",
"product": {
"name": "Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773766026"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Aa5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765467"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765477"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Ac3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772132933"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054202"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054192"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3Af4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773775889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773761676"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773771962"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765467"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Af15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765477"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054202"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054192"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Add1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773761676"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773771962"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765467"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765477"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054202"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ad547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054192"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773761676"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773771962"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765467"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765477"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054202"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054192"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773761676"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ae39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773771962"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: Unexpected session resumption in crypto/tls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: Unexpected session resumption in crypto/tls"
},
{
"cve": "CVE-2026-24049",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-22T05:00:54.709179+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431959"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "RHBZ#2431959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
"url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/releases/tag/0.46.2",
"url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
"url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
}
],
"release_date": "2026-01-22T04:02:08.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-25990",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-02-11T21:05:39.535631+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439170"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "RHBZ#2439170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439170"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa",
"url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
}
],
"release_date": "2026-02-11T20:53:52.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
},
{
"cve": "CVE-2026-27628",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-02-25T04:02:09.864561+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442543"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to supply a crafted PDF file to be processed by an application using the pypdf library. This issue can cause the application to enter an infinite loop and consume a high amount of CPU resources, eventually resulting in a denial of service with no other security impact. Due to these reasons, this vulnerability has been rated with a moderate impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "RHBZ#2442543",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442543"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27628"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f",
"url": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/issues/3654",
"url": "https://github.com/py-pdf/pypdf/issues/3654"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35",
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35"
}
],
"release_date": "2026-02-25T02:45:37.543000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams"
},
{
"cve": "CVE-2026-27904",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-26T02:01:23.004531+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442922"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "RHBZ#2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"
}
],
"release_date": "2026-02-26T01:07:42.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
},
{
"cve": "CVE-2026-27962",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-16T18:02:07.041902+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448164"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library used for creating secure authentication and authorization systems. This vulnerability, known as JWK (JSON Web Key) Header Injection, affects how Authlib verifies digital signatures in JWS (JSON Web Signature) tokens. An attacker can exploit this by creating a specially crafted token that includes their own cryptographic key in the header. When the system attempts to verify this token without a predefined key, it mistakenly uses the attacker\u0027s key, allowing them to bypass authentication and gain unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This critical vulnerability in Authlib\u0027s JWS implementation allows unauthenticated attackers to forge JWTs by embedding their own cryptographic key in the token header. Impact is high to confidentiality and integrity as attackers can bypass authentication.\n\nThe impact for Red Hat Quay is rated as low because it imports authlib solely as a JWK parsing utility and performs all JWT signature verification through PyJWT, so the vulnerable jws.deserialize_compact() code path is never called.\n\nRed Hat OpenShift AI is not affected, since authlib is only present as a transitive dependency in the dev dependency group and is not included in production image builds, so the vulnerable code is not present in the shipped product.\n\nRed Hat Satellite is not affected, as authlib is only present as a dependency of fastmcp. In Satellite, fastmcp only invokes authlib using jwt.decode() which isn\u0027t able to reach the vulnerability condition even with key=none.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27962"
},
{
"category": "external",
"summary": "RHBZ#2448164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448164"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27962",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27962"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27962",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27962"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681",
"url": "https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/releases/tag/v1.6.9",
"url": "https://github.com/authlib/authlib/releases/tag/v1.6.9"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5"
}
],
"release_date": "2026-03-16T17:34:38.946000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability"
},
{
"cve": "CVE-2026-28802",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-06T07:01:49.366979+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445120"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a \"none\" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "RHBZ#2445120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28802"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75",
"url": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7",
"url": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg"
}
],
"release_date": "2026-03-06T06:44:26.402000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access"
}
]
}
GHSA-2RW7-X74F-JG35
Vulnerability from github – Published: 2026-02-25 16:09 – Updated: 2026-02-25 16:09
VLAI?
Summary
pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams
Details
Impact
An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file.
Patches
This has been fixed in pypdf==6.7.2.
Workarounds
If users cannot upgrade yet, consider applying the changes from PR #3655.
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pypdf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.7.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-27628"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-25T16:09:03Z",
"nvd_published_at": "2026-02-25T03:16:06Z",
"severity": "LOW"
},
"details": "### Impact\n\nAn attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file.\n\n### Patches\n\nThis has been fixed in [pypdf==6.7.2](https://github.com/py-pdf/pypdf/releases/tag/6.7.2).\n\n### Workarounds\n\nIf users cannot upgrade yet, consider applying the changes from PR [#3655](https://github.com/py-pdf/pypdf/pull/3655).",
"id": "GHSA-2rw7-x74f-jg35",
"modified": "2026-02-25T16:09:03Z",
"published": "2026-02-25T16:09:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628"
},
{
"type": "WEB",
"url": "https://github.com/py-pdf/pypdf/issues/3654"
},
{
"type": "WEB",
"url": "https://github.com/py-pdf/pypdf/commit/f0a462d36971cf077d74492a348d0d06fd60ea4d"
},
{
"type": "PACKAGE",
"url": "https://github.com/py-pdf/pypdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams"
}
FKIE_CVE-2026-27628
Vulnerability from fkie_nvd - Published: 2026-02-25 03:16 - Updated: 2026-02-27 20:21
Severity ?
Summary
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/py-pdf/pypdf/commit/f0a462d36971cf077d74492a348d0d06fd60ea4d | ||
| security-advisories@github.com | https://github.com/py-pdf/pypdf/issues/3654 | Issue Tracking, Patch | |
| security-advisories@github.com | https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35 | Patch, Vendor Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/py-pdf/pypdf/issues/3654 | Issue Tracking, Patch |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pypdf_project | pypdf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pypdf_project:pypdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C05E3F8F-273E-4DA4-BD19-4AAAF4E6BED9",
"versionEndExcluding": "6.7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually."
},
{
"lang": "es",
"value": "pypdf es una librer\u00eda PDF de Python puro, gratuita y de c\u00f3digo abierto. Antes de la versi\u00f3n 6.7.2, un atacante que utiliza esta vulnerabilidad puede crear un PDF que conduce a un bucle infinito. Esto requiere leer el archivo. Esto ha sido corregido en pypdf 6.7.2. Como soluci\u00f3n alternativa, se puede aplicar el parche manualmente."
}
],
"id": "CVE-2026-27628",
"lastModified": "2026-02-27T20:21:38.617",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 1.2,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "UNREPORTED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-02-25T03:16:06.513",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/py-pdf/pypdf/commit/f0a462d36971cf077d74492a348d0d06fd60ea4d"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/py-pdf/pypdf/issues/3654"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/py-pdf/pypdf/issues/3654"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…