CVE-2026-32280 (GCVE-0-2026-32280)
Vulnerability from cvelistv5 – Published: 2026-04-08 01:06 – Updated: 2026-04-08 17:46
CWE-770 - Allocation of Resources Without Limits or Throttling
| Vendor | Product | Version |
|---|---|---|
| Go standard library | crypto/x509 | Affected: 0 , < 1.25.9 (semver); Affected: 1.26.0-0 , < 1.26.2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-32280",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T17:46:14.569488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:46:47.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "crypto/x509",
"product": "crypto/x509",
"programRoutines": [
{
"name": "Certificate.buildChains"
},
{
"name": "Certificate.Verify"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.25.9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.26.2",
"status": "affected",
"version": "1.26.0-0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jakub Ciolek - https://ciolek.dev"
}
],
"descriptions": [
{
"lang": "en",
"value": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T01:06:58.595Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/758320"
},
{
"url": "https://go.dev/issue/78282"
},
{
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"title": "Unexpected work during chain building in crypto/x509"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2026-32280",
"datePublished": "2026-04-08T01:06:58.595Z",
"dateReserved": "2026-03-11T16:38:46.555Z",
"dateUpdated": "2026-04-08T17:46:47.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-32280",
"date": "2026-06-23",
"epss": "0.00378",
"percentile": "0.29455"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-32280\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2026-04-08T02:16:03.247\",\"lastModified\":\"2026-04-16T19:16:42.180\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.25.9\",\"matchCriteriaId\":\"C6C9C072-9817-402D-877F-F83584B07017\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.26.0\",\"versionEndExcluding\":\"1.26.2\",\"matchCriteriaId\":\"39FE9BAF-55E9-43AA-B14E-239E7EF1D65D\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/758320\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/78282\",\"source\":\"security@golang.org\",\"tags\":[\"Issue 
Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU\",\"source\":\"security@golang.org\",\"tags\":[\"Release Notes\",\"Mailing List\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2026-4947\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
RHSA-2026:16101
Vulnerability from csaf_redhat - Published: 2026-05-11 22:53 - Updated: 2026-06-23 17:45
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le | — | | Vendor Fix: fix |
| Unresolved product id: 7Server-ELS:host-metering-0:1.4.0-7.el7_9.src | — | | Vendor Fix: fix |
| Unresolved product id: 7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64 | — | | Vendor Fix: fix |
| Unresolved product id: 7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le | — | | Vendor Fix: fix |
| Unresolved product id: 7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64 | — | | Vendor Fix: fix |
| Unresolved product id: 7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le | — | | Vendor Fix: fix |
| Unresolved product id: 7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64 | — | | Vendor Fix: fix |
| Unresolved product id: 7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch | — | | Vendor Fix: fix |
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le | — | | Vendor Fix: fix; Workaround |
| Unresolved product id: 7Server-ELS:host-metering-0:1.4.0-7.el7_9.src | — | | Vendor Fix: fix; Workaround |
| Unresolved product id: 7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64 | — | | Vendor Fix: fix; Workaround |
| Unresolved product id: 7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le | — | | Vendor Fix: fix; Workaround |
| Unresolved product id: 7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64 | — | | Vendor Fix: fix; Workaround |
| Unresolved product id: 7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le | — | | Vendor Fix: fix; Workaround |
| Unresolved product id: 7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64 | — | | Vendor Fix: fix; Workaround |
| Unresolved product id: 7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch | — | | Vendor Fix: fix; Workaround |
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le | — | | Vendor Fix: fix; Workaround |
| Unresolved product id: 7Server-ELS:host-metering-0:1.4.0-7.el7_9.src | — | | Vendor Fix: fix; Workaround |
| Unresolved product id: 7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64 | — | | Vendor Fix: fix; Workaround |
| Unresolved product id: 7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le | — | | Vendor Fix: fix; Workaround |
| Unresolved product id: 7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64 | — | | Vendor Fix: fix; Workaround |
| Unresolved product id: 7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le | — | | Vendor Fix: fix; Workaround |
| Unresolved product id: 7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64 | — | | Vendor Fix: fix; Workaround |
| Unresolved product id: 7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch | — | | Vendor Fix: fix; Workaround |
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le | — | | Vendor Fix: fix |
| Unresolved product id: 7Server-ELS:host-metering-0:1.4.0-7.el7_9.src | — | | Vendor Fix: fix |
| Unresolved product id: 7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64 | — | | Vendor Fix: fix |
| Unresolved product id: 7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le | — | | Vendor Fix: fix |
| Unresolved product id: 7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64 | — | | Vendor Fix: fix |
| Unresolved product id: 7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le | — | | Vendor Fix: fix |
| Unresolved product id: 7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64 | — | | Vendor Fix: fix |
| Unresolved product id: 7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch | — | | Vendor Fix: fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for host-metering is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Host metering service\n\nSecurity Fix(es):\n\n* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:16101",
"url": "https://access.redhat.com/errata/RHSA-2026:16101"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_16101.json"
}
],
"title": "Red Hat Security Advisory: host-metering security update",
"tracking": {
"current_release_date": "2026-06-23T17:45:47+00:00",
"generator": {
"date": "2026-06-23T17:45:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:16101",
"initial_release_date": "2026-05-11T22:53:25+00:00",
"revision_history": [
{
"date": "2026-05-11T22:53:25+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-11T22:53:25+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-23T17:45:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_els:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "host-metering-0:1.4.0-7.el7_9.src",
"product": {
"name": "host-metering-0:1.4.0-7.el7_9.src",
"product_id": "host-metering-0:1.4.0-7.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/host-metering@1.4.0-7.el7_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "host-metering-0:1.4.0-7.el7_9.ppc64le",
"product": {
"name": "host-metering-0:1.4.0-7.el7_9.ppc64le",
"product_id": "host-metering-0:1.4.0-7.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/host-metering@1.4.0-7.el7_9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"product": {
"name": "host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"product_id": "host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/host-metering-debugsource@1.4.0-7.el7_9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"product": {
"name": "host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"product_id": "host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/host-metering-debuginfo@1.4.0-7.el7_9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "host-metering-0:1.4.0-7.el7_9.x86_64",
"product": {
"name": "host-metering-0:1.4.0-7.el7_9.x86_64",
"product_id": "host-metering-0:1.4.0-7.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/host-metering@1.4.0-7.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"product": {
"name": "host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"product_id": "host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/host-metering-debugsource@1.4.0-7.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"product": {
"name": "host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"product_id": "host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/host-metering-debuginfo@1.4.0-7.el7_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "host-metering-selinux-0:1.4.0-7.el7_9.noarch",
"product": {
"name": "host-metering-selinux-0:1.4.0-7.el7_9.noarch",
"product_id": "host-metering-selinux-0:1.4.0-7.el7_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/host-metering-selinux@1.4.0-7.el7_9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "host-metering-0:1.4.0-7.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le"
},
"product_reference": "host-metering-0:1.4.0-7.el7_9.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "host-metering-0:1.4.0-7.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:host-metering-0:1.4.0-7.el7_9.src"
},
"product_reference": "host-metering-0:1.4.0-7.el7_9.src",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "host-metering-0:1.4.0-7.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64"
},
"product_reference": "host-metering-0:1.4.0-7.el7_9.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le"
},
"product_reference": "host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64"
},
"product_reference": "host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le"
},
"product_reference": "host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "host-metering-debugsource-0:1.4.0-7.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64"
},
"product_reference": "host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "host-metering-selinux-0:1.4.0-7.el7_9.noarch as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
},
"product_reference": "host-metering-selinux-0:1.4.0-7.el7_9.noarch",
"relates_to_product_reference": "7Server-ELS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.src",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T22:53:25+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.src",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16101"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.src",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.src",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T22:53:25+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.src",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16101"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.src",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.src",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.src",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T22:53:25+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.src",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16101"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.src",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.src",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.src",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T22:53:25+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.src",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16101"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.src",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
}
]
}
RHSA-2026:16476
Vulnerability from csaf_redhat - Published: 2026-05-12 18:56 - Updated: 2026-06-23 17:45
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64 | — | | Vendor Fix (fix) |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64 | — | ||
A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64 | — | | Vendor Fix (fix) |
A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and execute arbitrary code in the user's browser, leading to Cross-Site Scripting (XSS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64 | — | | Vendor Fix (fix), Workaround |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le | — | | Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64 | — | | Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x | — | | Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64 | — | | Workaround |
A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64 | — | | Vendor Fix (fix) |
A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64 | — | | Vendor Fix (fix), Workaround |
A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64 | — | | Vendor Fix (fix) |
A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64 | — | | Vendor Fix (fix) |
A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64 | — | | Vendor Fix (fix) |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 1.73.30 for Red Hat OpenShift Service Mesh 2.6 is now available.\nAn update is now available for Red Hat OpenShift Service Mesh 2.6. This advisory contains the RPM packages for the Kiali component.\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 1.73.30, for Red Hat OpenShift Service Mesh 2.6, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.\n\nSecurity Fix(es):\n\n* CVE-2026-32280 Go: Denial of Service vulnerability in certificate chain building (OSSM-13521)\n* CVE-2026-40895 follow-redirects: Information disclosure via cross-domain redirects (OSSM-13550, OSSM-13551)\n* CVE-2026-41240 DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization (OSSM-13592)\n* CVE-2026-42033 Axios: HTTP Transport Hijacking via Prototype Pollution (OSSM-13687, OSSM-13688)\n* CVE-2026-42035 Axios: Arbitrary HTTP header injection via prototype pollution (OSSM-13594, OSSM-13595)\n* CVE-2026-42039 Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data (OSSM-13725, OSSM-13726)\n* CVE-2026-42041 Axios: Authentication bypass due to prototype pollution of HTTP error handling (OSSM-13739, OSSM-13740)\n* CVE-2026-42043 Axios: NO_PROXY bypass via crafted URL (OSSM-13711, OSSM-13712)\n\nEnhancement(s):\n\n* OSSM-12301 Migration from Yarn Classic (v1) to Yarn v4 or NPM\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:16476",
"url": "https://access.redhat.com/errata/RHSA-2026:16476"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40895",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41240",
"url": "https://access.redhat.com/security/cve/CVE-2026-41240"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42033",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42035",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42039",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42041",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42043",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_16476.json"
}
],
"title": "Red Hat Security Advisory: Kiali 1.73.30 for Red Hat OpenShift Service Mesh 2.6",
"tracking": {
"current_release_date": "2026-06-23T17:45:49+00:00",
"generator": {
"date": "2026-06-23T17:45:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:16476",
"initial_release_date": "2026-05-12T18:56:35+00:00",
"revision_history": [
{
"date": "2026-05-12T18:56:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-12T18:56:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-23T17:45:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 2.6",
"product": {
"name": "Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.6::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3Abbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778191378"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3Ab1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778191473"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3A588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778191378"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3A251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778191473"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3A40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778191378"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3A36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778191473"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3A7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778191378"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3A71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778191473"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T18:56:35+00:00",
"details": "See Kiali 1.73.30 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16476"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-40895",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2026-04-21T21:02:33.280553+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460297"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "RHBZ#2460297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460297"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40895",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40895"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653"
}
],
"release_date": "2026-04-21T19:59:59.759000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T18:56:35+00:00",
"details": "See Kiali 1.73.30 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16476"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects"
},
{
"cve": "CVE-2026-41240",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-04-23T16:04:41.751666+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461147"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and execute arbitrary code in the user\u0027s browser, leading to Cross-Site Scripting (XSS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41240"
},
{
"category": "external",
"summary": "RHBZ#2461147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461147"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41240"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41240",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41240"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/commit/c361baa18dbdcb3344a41110f4c48ad85bf48f80",
"url": "https://github.com/cure53/DOMPurify/commit/c361baa18dbdcb3344a41110f4c48ad85bf48f80"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/releases/tag/3.4.0",
"url": "https://github.com/cure53/DOMPurify/releases/tag/3.4.0"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-h7mw-gpvr-xq4m",
"url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-h7mw-gpvr-xq4m"
}
],
"release_date": "2026-04-23T14:54:32.426000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T18:56:35+00:00",
"details": "See Kiali 1.73.30 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16476"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization"
},
{
"cve": "CVE-2026-42033",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:20.937507+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461607"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "RHBZ#2461607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"
}
],
"release_date": "2026-04-24T17:36:44.132000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T18:56:35+00:00",
"details": "See Kiali 1.73.30 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16476"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution"
},
{
"cve": "CVE-2026-42035",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:17.109481+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application\u0027s core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Arbitrary HTTP header injection via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "RHBZ#2461606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"
}
],
"release_date": "2026-04-24T17:38:07.752000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T18:56:35+00:00",
"details": "See Kiali 1.73.30 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16476"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios: Arbitrary HTTP header injection via prototype pollution"
},
{
"cve": "CVE-2026-42039",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T19:01:44.887156+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "RHBZ#2461630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"
}
],
"release_date": "2026-04-24T18:01:30.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T18:56:35+00:00",
"details": "See Kiali 1.73.30 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16476"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data"
},
{
"cve": "CVE-2026-42041",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:41.034289+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "RHBZ#2461629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63",
"url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
}
],
"release_date": "2026-04-24T17:55:30.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T18:56:35+00:00",
"details": "See Kiali 1.73.30 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16476"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling"
},
{
"cve": "CVE-2026-42043",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-04-24T19:01:22.552379+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461626"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: NO_PROXY bypass via crafted URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "RHBZ#2461626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
}
],
"release_date": "2026-04-24T17:54:42.668000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T18:56:35+00:00",
"details": "See Kiali 1.73.30 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16476"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: NO_PROXY bypass via crafted URL"
}
]
}
RHSA-2026:16477
Vulnerability from csaf_redhat - Published: 2026-05-12 19:02 - Updated: 2026-06-23 17:45
A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.
A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.0.11\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.0.11, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nFixes/Improvements:\n\n* OSSM 3 Operator icon missing from OperatorHub catalog in OCP console (OSSM-13028)\n\nSecurity Fix(es):\n\n* istio-rhel9-operator: possible memory corruption after bound check elimination (CVE-2026-27143)\n\n* istio-proxyv2-rhel9: possible memory corruption after bound check elimination (CVE-2026-27143)\n\n* istio-pilot-rhel9: possible memory corruption after bound check elimination (CVE-2026-27143)\n\n* istio-cni-rhel9: possible memory corruption after bound check elimination (CVE-2026-27143)\n\n* istio-rhel9-operator: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* istio-proxyv2-rhel9: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* istio-pilot-rhel9: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* istio-cni-rhel9: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* istio-rhel9-operator: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\n* istio-pilot-rhel9: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\n* istio-cni-rhel9: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:16477",
"url": "https://access.redhat.com/errata/RHSA-2026:16477"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27143",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27144",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-27143",
"url": "https://access.redhat.com/security/cve/cve-2026-27143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-27144",
"url": "https://access.redhat.com/security/cve/cve-2026-27144"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-32280",
"url": "https://access.redhat.com/security/cve/cve-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_16477.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.0.11",
"tracking": {
"current_release_date": "2026-06-23T17:45:49+00:00",
"generator": {
"date": "2026-06-23T17:45:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:16477",
"initial_release_date": "2026-05-12T19:02:21+00:00",
"revision_history": [
{
"date": "2026-05-12T19:02:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-12T19:02:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-23T17:45:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.0",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Aa07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777984344"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777883393"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778094416"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778149127"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777883471"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Adcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta\u0026tag=1777962404"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3A4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778153288"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Aa3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777883393"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778094416"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778149127"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777883471"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Aa3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777984344"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta\u0026tag=1777962404"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Ad6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777883393"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Ada3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778094416"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778149127"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777883471"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777984344"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta\u0026tag=1777962404"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Ad2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777883393"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778094416"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778149127"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777883471"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Ac3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777984344"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta\u0026tag=1777962404"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27143",
"cwe": {
"id": "CWE-733",
"name": "Compiler Optimization Removal or Modification of Security-critical Code"
},
"discovery_date": "2026-04-08T02:01:29.491546+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: possible memory corruption after bound check elimination",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is only exploitable in applications that contain a loop structure that relies on an induction variable. An induction variable is a variable that gets modified, usually incremented or decremented, by a predictable amount on each iteration. Inside the loop, the induction variable must be directly used as the index to access or modify elements within an array or a slice. Additionally, an attacker must be able to cause an integer overflow or underflow in the induction variable to trigger this issue. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "RHBZ#2456342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://go.dev/cl/763765",
"url": "https://go.dev/cl/763765"
},
{
"category": "external",
"summary": "https://go.dev/issue/78333",
"url": "https://go.dev/issue/78333"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4868",
"url": "https://pkg.go.dev/vuln/GO-2026-4868"
}
],
"release_date": "2026-04-08T01:06:57.168000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T19:02:21+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.11 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16477"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, strictly sanitize and enforce bounds checking on any untrusted user input that influences loop counters, iteration limits, or memory indices. If there is no integer overflow or underflow, the out-of-bounds access cannot occur.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: possible memory corruption after bound check elimination"
},
{
"cve": "CVE-2026-27144",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2026-04-08T02:01:22.896153+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: no-op interface conversion bypasses overlap checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is only exploitable in applications that contain a memory move or copy operation that is subject to a no-op (no-operation) interface conversion. Furthermore, the source and destination memory addresses involved in the move or copy must overlap and an attacker must be able to supply an input that triggers this specific operation. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "RHBZ#2456340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://go.dev/cl/763764",
"url": "https://go.dev/cl/763764"
},
{
"category": "external",
"summary": "https://go.dev/issue/78371",
"url": "https://go.dev/issue/78371"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4867",
"url": "https://pkg.go.dev/vuln/GO-2026-4867"
}
],
"release_date": "2026-04-08T01:06:56.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T19:02:21+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.11 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16477"
},
{
"category": "workaround",
"details": "To mitigate this issue, review code that performs memory copies or struct assignments. If data is being passed through an interface (such as 'any' or 'interface{}') just before a move operation, refactor the code to use concrete types or explicit pointers instead.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: no-op interface conversion bypasses overlap checking"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T19:02:21+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.11 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16477"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
}
]
}
RHSA-2026:16505
Vulnerability from csaf_redhat - Published: 2026-05-12 19:48 - Updated: 2026-06-23 17:45

A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le | — | | Vendor Fix, Workaround |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64 | — | | Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le | — | | Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x | — | | Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64 | — | | Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le | — | | Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x | — | | Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64 | — | | Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64 | — | | Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64 | — | | Workaround |
A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le | — | | Vendor Fix, Workaround |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64 | — | | Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le | — | | Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x | — | | Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64 | — | | Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le | — | | Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x | — | | Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64 | — | | Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64 | — | | Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64 | — | | Workaround |
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.1.8\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.1.8, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nFixes/Improvements:\n\n* OSSM 3 Operator icon missing from OperatorHub catalog in OCP console (OSSM-13028)\n\nSecurity Fix(es):\n\n* istio-rhel9-operator: possible memory corruption after bound check elimination (CVE-2026-27143)\n\n* istio-proxyv2-rhel9: possible memory corruption after bound check elimination (CVE-2026-27143)\n\n* istio-pilot-rhel9: possible memory corruption after bound check elimination (CVE-2026-27143)\n\n* istio-cni-rhel9: possible memory corruption after bound check elimination (CVE-2026-27143)\n\n* istio-rhel9-operator: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* istio-proxyv2-rhel9: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* istio-pilot-rhel9: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* istio-cni-rhel9: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* istio-rhel9-operator: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\n* istio-pilot-rhel9: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\n* istio-cni-rhel9: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:16505",
"url": "https://access.redhat.com/errata/RHSA-2026:16505"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27143",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27144",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-27143",
"url": "https://access.redhat.com/security/cve/cve-2026-27143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-27144",
"url": "https://access.redhat.com/security/cve/cve-2026-27144"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-32280",
"url": "https://access.redhat.com/security/cve/cve-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_16505.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.1.8",
"tracking": {
"current_release_date": "2026-06-23T17:45:50+00:00",
"generator": {
"date": "2026-06-23T17:45:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:16505",
"initial_release_date": "2026-05-12T19:48:56+00:00",
"revision_history": [
{
"date": "2026-05-12T19:48:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-12T19:48:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-23T17:45:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.1",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3A9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778154273"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777884045"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778094470"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Ac96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778149657"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777884022"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Ad8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778125216"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh-tech-preview\u0026tag=1777964285"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777884045"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Aa2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778094470"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778149657"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777884022"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Ae12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778125216"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Ab83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh-tech-preview\u0026tag=1777964285"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777884045"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778094470"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Af0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778149657"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777884022"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Ad7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778125216"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh-tech-preview\u0026tag=1777964285"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777884045"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778094470"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778149657"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777884022"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Aa67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778125216"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh-tech-preview\u0026tag=1777964285"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27143",
"cwe": {
"id": "CWE-733",
"name": "Compiler Optimization Removal or Modification of Security-critical Code"
},
"discovery_date": "2026-04-08T02:01:29.491546+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: possible memory corruption after bound check elimination",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is only exploitable in applications that contain a loop structure that relies on an induction variable. An induction variable is a variable that gets modified, usually incremented or decremented, by a predictable amount on each iteration. Inside the loop, the induction variable must be directly used as the index to access or modify elements within an array or a slice. Additionally, an attacker must be able to cause an integer overflow or underflow in the induction variable to trigger this issue. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "RHBZ#2456342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://go.dev/cl/763765",
"url": "https://go.dev/cl/763765"
},
{
"category": "external",
"summary": "https://go.dev/issue/78333",
"url": "https://go.dev/issue/78333"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4868",
"url": "https://pkg.go.dev/vuln/GO-2026-4868"
}
],
"release_date": "2026-04-08T01:06:57.168000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T19:48:56+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.8 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16505"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, strictly sanitize and enforce bounds checking on any untrusted user input that influences loop counters, iteration limits, or memory indices. If there is no integer overflow or underflow, the out-of-bounds access cannot occur.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: possible memory corruption after bound check elimination"
},
{
"cve": "CVE-2026-27144",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2026-04-08T02:01:22.896153+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: no-op interface conversion bypasses overlap checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is only exploitable in applications that contain a memory move or copy operation that is subject to a no-op (no-operation) interface conversion. Furthermore, the source and destination memory addresses involved in the move or copy must overlap and an attacker must be able to supply an input that triggers this specific operation. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "RHBZ#2456340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://go.dev/cl/763764",
"url": "https://go.dev/cl/763764"
},
{
"category": "external",
"summary": "https://go.dev/issue/78371",
"url": "https://go.dev/issue/78371"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4867",
"url": "https://pkg.go.dev/vuln/GO-2026-4867"
}
],
"release_date": "2026-04-08T01:06:56.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T19:48:56+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.8 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16505"
},
{
"category": "workaround",
"details": "To mitigate this issue, review code that performs memory copies or struct assignments. If data is being passed through an interface (such as \u0027any\u0027 or \u0027interface{}\u0027) just before a move operation, refactor the code to use concrete types or explicit pointers instead.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: no-op interface conversion bypasses overlap checking"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T19:48:56+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.8 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16505"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
}
]
}
RHSA-2026:16508
Vulnerability from csaf_redhat - Published: 2026-05-12 20:00 - Updated: 2026-06-23 17:45

A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.
A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.2.5\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.2.5, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nFixes/Improvements:\n\n* OSSM 3 Operator icon missing from OperatorHub catalog in OCP console (OSSM-13028)\n\nSecurity Fix(es):\n\n* istio-rhel9-operator: possible memory corruption after bound check elimination (CVE-2026-27143)\n\n* istio-proxyv2-rhel9: possible memory corruption after bound check elimination (CVE-2026-27143)\n\n* istio-pilot-rhel9: possible memory corruption after bound check elimination (CVE-2026-27143)\n\n* istio-cni-rhel9: possible memory corruption after bound check elimination (CVE-2026-27143)\n\n* istio-rhel9-operator: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* istio-proxyv2-rhel9: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* istio-pilot-rhel9: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* istio-cni-rhel9: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* istio-rhel9-operator: Go: Denial of Service in certificate chain building (CVE-2026-32280)\n\n* istio-pilot-rhel9: Go: Denial of Service in certificate chain building (CVE-2026-32280)\n\n* istio-cni-rhel9: Go: Denial of Service in certificate chain building (CVE-2026-32280)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:16508",
"url": "https://access.redhat.com/errata/RHSA-2026:16508"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27143",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27144",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-27143",
"url": "https://access.redhat.com/security/cve/cve-2026-27143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-27144",
"url": "https://access.redhat.com/security/cve/cve-2026-27144"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-32280",
"url": "https://access.redhat.com/security/cve/cve-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_16508.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.2.5",
"tracking": {
"current_release_date": "2026-06-23T17:45:51+00:00",
"generator": {
"date": "2026-06-23T17:45:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:16508",
"initial_release_date": "2026-05-12T20:00:08+00:00",
"revision_history": [
{
"date": "2026-05-12T20:00:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-12T20:00:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-23T17:45:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.2",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3Ab5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778154109"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778007597"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Af53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778094612"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Aa03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778150474"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778007366"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Aa6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778103735"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777969423"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778007597"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778094612"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Affc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778150474"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Ad4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778007366"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778103735"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777969423"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778007597"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778094612"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778150474"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Aec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778007366"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778103735"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Aec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777969423"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778007597"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778094612"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Ad38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778150474"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Adb2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778007366"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778103735"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Ae27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777969423"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27143",
"cwe": {
"id": "CWE-733",
"name": "Compiler Optimization Removal or Modification of Security-critical Code"
},
"discovery_date": "2026-04-08T02:01:29.491546+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: possible memory corruption after bound check elimination",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is only exploitable in applications that contain a loop structure that relies on an induction variable. An induction variable is a variable that gets modified, usually incremented or decremented, by a predictable amount on each iteration. Inside the loop, the induction variable must be directly used as the index to access or modify elements within an array or a slice. Additionally, an attacker must be able to cause an integer overflow or underflow in the induction variable to trigger this issue. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "RHBZ#2456342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://go.dev/cl/763765",
"url": "https://go.dev/cl/763765"
},
{
"category": "external",
"summary": "https://go.dev/issue/78333",
"url": "https://go.dev/issue/78333"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4868",
"url": "https://pkg.go.dev/vuln/GO-2026-4868"
}
],
"release_date": "2026-04-08T01:06:57.168000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T20:00:08+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.5 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16508"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, strictly sanitize and enforce bounds checking on any untrusted user input that influences loop counters, iteration limits, or memory indices. If there is no integer overflow or underflow, the out-of-bounds access cannot occur.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: possible memory corruption after bound check elimination"
},
{
"cve": "CVE-2026-27144",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2026-04-08T02:01:22.896153+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: no-op interface conversion bypasses overlap checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is only exploitable in applications that contain a memory move or copy operation that is subject to a no-op (no-operation) interface conversion. Furthermore, the source and destination memory addresses involved in the move or copy must overlap and an attacker must be able to supply an input that triggers this specific operation. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "RHBZ#2456340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://go.dev/cl/763764",
"url": "https://go.dev/cl/763764"
},
{
"category": "external",
"summary": "https://go.dev/issue/78371",
"url": "https://go.dev/issue/78371"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4867",
"url": "https://pkg.go.dev/vuln/GO-2026-4867"
}
],
"release_date": "2026-04-08T01:06:56.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T20:00:08+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.5 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16508"
},
{
"category": "workaround",
"details": "To mitigate this issue, review code that performs memory copies or struct assignments. If data is being passed through an interface (such as \u0027any\u0027 or \u0027interface{}\u0027) just before a move operation, refactor the code to use concrete types or explicit pointers instead.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: no-op interface conversion bypasses overlap checking"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T20:00:08+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.5 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16508"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
}
]
}
RHSA-2026:16532
Vulnerability from csaf_redhat - Published: 2026-05-12 20:58 - Updated: 2026-06-23 17:45

A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64 | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64 | — | Vendor Fix fix | |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64 | — | ||

A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64 | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64 | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64 | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64 | — | Vendor Fix fix | |

A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64 | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64 | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64 | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64 | — | Vendor Fix fix | |

A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64 | — | | Vendor Fix (fix); Workaround |

A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64 | — | | Vendor Fix (fix) |

A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64 | — | | Vendor Fix (fix) |

A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64 | — | | Vendor Fix (fix) |

A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64 | — | | Vendor Fix (fix); Workaround |

{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 2.11.10 for Red Hat OpenShift Service Mesh 3.1 is now available.\nAn update is now available for Red Hat OpenShift Service Mesh 3.1. This advisory contains the RPM packages for the Kiali component.\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 2.11.10, for Red Hat OpenShift Service Mesh 3.1, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.\n\nSecurity Fix(es):\n\n* CVE-2026-32280 Go: Denial of Service vulnerability in certificate chain building (OSSM-13247)\n* CVE-2026-40895 follow-redirects: Information disclosure via cross-domain redirects (OSSM-13555, OSSM-13559)\n* CVE-2026-42033 Axios: HTTP Transport Hijacking via Prototype Pollution (OSSM-13692, OSSM-13696)\n* CVE-2026-42035 Axios: Arbitrary HTTP header injection via prototype pollution (OSSM-13601, OSSM-13602)\n* CVE-2026-42043 Axios: NO_PROXY bypass via crafted URL (OSSM-13714, OSSM-13718)\n* CVE-2026-42039 Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data (OSSM-13728, OSSM-13732)\n* CVE-2026-42041 Axios: Authentication bypass due to prototype pollution of HTTP error handling (OSSM-13742, OSSM-13746)\n* CVE-2026-42044 Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget (OSSM-13781, OSSM-13782)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:16532",
"url": "https://access.redhat.com/errata/RHSA-2026:16532"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40895",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42033",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42035",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42039",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42041",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42043",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_16532.json"
}
],
"title": "Red Hat Security Advisory: Kiali 2.11.10 for Red Hat OpenShift Service Mesh 3.1",
"tracking": {
"current_release_date": "2026-06-23T17:45:52+00:00",
"generator": {
"date": "2026-06-23T17:45:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:16532",
"initial_release_date": "2026-05-12T20:58:45+00:00",
"revision_history": [
{
"date": "2026-05-12T20:58:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-12T20:58:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-23T17:45:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.1",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778164042"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Ac86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163935"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Af56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778164042"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163935"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778164042"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Ac39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163935"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Aafa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778164042"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163935"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T20:58:45+00:00",
"details": "See Kiali 2.11.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16532"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-40895",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2026-04-21T21:02:33.280553+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460297"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "RHBZ#2460297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460297"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40895",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40895"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653"
}
],
"release_date": "2026-04-21T19:59:59.759000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T20:58:45+00:00",
"details": "See Kiali 2.11.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16532"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects"
},
{
"cve": "CVE-2026-42033",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:20.937507+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461607"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "RHBZ#2461607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"
}
],
"release_date": "2026-04-24T17:36:44.132000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T20:58:45+00:00",
"details": "See Kiali 2.11.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16532"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution"
},
{
"cve": "CVE-2026-42035",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:17.109481+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application\u0027s core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Arbitrary HTTP header injection via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "RHBZ#2461606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"
}
],
"release_date": "2026-04-24T17:38:07.752000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T20:58:45+00:00",
"details": "See Kiali 2.11.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16532"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios: Arbitrary HTTP header injection via prototype pollution"
},
{
"cve": "CVE-2026-42039",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T19:01:44.887156+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "RHBZ#2461630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"
}
],
"release_date": "2026-04-24T18:01:30.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T20:58:45+00:00",
"details": "See Kiali 2.11.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16532"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data"
},
{
"cve": "CVE-2026-42041",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:41.034289+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "RHBZ#2461629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63",
"url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
}
],
"release_date": "2026-04-24T17:55:30.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T20:58:45+00:00",
"details": "See Kiali 2.11.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16532"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling"
},
{
"cve": "CVE-2026-42043",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-04-24T19:01:22.552379+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461626"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: NO_PROXY bypass via crafted URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "RHBZ#2461626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
}
],
"release_date": "2026-04-24T17:54:42.668000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T20:58:45+00:00",
"details": "See Kiali 2.11.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16532"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: NO_PROXY bypass via crafted URL"
},
{
"cve": "CVE-2026-42044",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:13.418725+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "RHBZ#2461624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"release_date": "2026-04-24T17:49:49.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T20:58:45+00:00",
"details": "See Kiali 2.11.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16532"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
}
]
}
RHSA-2026:16534
Vulnerability from csaf_redhat - Published: 2026-05-12 21:06 - Updated: 2026-06-23 17:45
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64 | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64 | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le | — | Vendor Fix fix | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64 | — |
A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64 | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64 | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64 | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64 | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le | — | Vendor Fix fix | |
A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64 | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64 | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64 | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64 | — | Vendor Fix fix | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le | — | Vendor Fix fix | |
A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le | — | | Vendor Fix (fix); Workaround |
A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le | — | | Vendor Fix (fix) |
A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le | — | | Vendor Fix (fix) |
A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le | — | | Vendor Fix (fix) |
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le | — | | Vendor Fix (fix); Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 2.4.16 for Red Hat OpenShift Service Mesh 3.0 is now available.\nAn update is now available for Red Hat OpenShift Service Mesh 3.0. This advisory contains the RPM packages for the Kiali component.\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 2.4.16, for Red Hat OpenShift Service Mesh 3.0, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.\n\nSecurity Fix(es):\n\n* CVE-2026-32280 Go: Denial of Service vulnerability in certificate chain building (OSSM-13246)\n* CVE-2026-40895 follow-redirects: Information disclosure via cross-domain redirects (OSSM-13554, OSSM-13558)\n* CVE-2026-42033 Axios: HTTP Transport Hijacking via Prototype Pollution (OSSM-13691, OSSM-13695)\n* CVE-2026-42035 Axios: Arbitrary HTTP header injection via prototype pollution (OSSM-13597, OSSM-13598)\n* CVE-2026-42043 Axios: NO_PROXY bypass via crafted URL (OSSM-13713, OSSM-13717)\n* CVE-2026-42039 Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data (OSSM-13727, OSSM-13731)\n* CVE-2026-42041 Axios: Authentication bypass due to prototype pollution of HTTP error handling (OSSM-13741, OSSM-13745)\n* CVE-2026-42044 Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget (OSSM-13777, OSSM-13778)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:16534",
"url": "https://access.redhat.com/errata/RHSA-2026:16534"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40895",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42033",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42035",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42039",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42041",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42043",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_16534.json"
}
],
"title": "Red Hat Security Advisory: Kiali 2.4.16 for Red Hat OpenShift Service Mesh 3.0",
"tracking": {
"current_release_date": "2026-06-23T17:45:52+00:00",
"generator": {
"date": "2026-06-23T17:45:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:16534",
"initial_release_date": "2026-05-12T21:06:42+00:00",
"revision_history": [
{
"date": "2026-05-12T21:06:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-12T21:06:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-23T17:45:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.0",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778164208"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Af9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163785"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778164208"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163785"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Ae60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778164208"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Ada98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163785"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778164208"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163785"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:42+00:00",
"details": "See Kiali 2.4.16 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16534"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-40895",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2026-04-21T21:02:33.280553+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460297"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "RHBZ#2460297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460297"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40895",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40895"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653"
}
],
"release_date": "2026-04-21T19:59:59.759000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:42+00:00",
"details": "See Kiali 2.4.16 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16534"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects"
},
{
"cve": "CVE-2026-42033",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:20.937507+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461607"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "RHBZ#2461607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"
}
],
"release_date": "2026-04-24T17:36:44.132000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:42+00:00",
"details": "See Kiali 2.4.16 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16534"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution"
},
{
"cve": "CVE-2026-42035",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:17.109481+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Arbitrary HTTP header injection via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "RHBZ#2461606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"
}
],
"release_date": "2026-04-24T17:38:07.752000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:42+00:00",
"details": "See Kiali 2.4.16 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16534"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios: Arbitrary HTTP header injection via prototype pollution"
},
{
"cve": "CVE-2026-42039",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T19:01:44.887156+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "RHBZ#2461630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"
}
],
"release_date": "2026-04-24T18:01:30.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:42+00:00",
"details": "See Kiali 2.4.16 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16534"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data"
},
{
"cve": "CVE-2026-42041",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:41.034289+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "RHBZ#2461629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63",
"url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
}
],
"release_date": "2026-04-24T17:55:30.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:42+00:00",
"details": "See Kiali 2.4.16 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16534"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling"
},
{
"cve": "CVE-2026-42043",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-04-24T19:01:22.552379+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461626"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: NO_PROXY bypass via crafted URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "RHBZ#2461626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
}
],
"release_date": "2026-04-24T17:54:42.668000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:42+00:00",
"details": "See Kiali 2.4.16 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16534"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: NO_PROXY bypass via crafted URL"
},
{
"cve": "CVE-2026-42044",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:13.418725+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "RHBZ#2461624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"release_date": "2026-04-24T17:49:49.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:42+00:00",
"details": "See Kiali 2.4.16 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16534"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
}
]
}
RHSA-2026:16535
Vulnerability from csaf_redhat - Published: 2026-05-12 21:06 - Updated: 2026-06-23 17:45
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64 | — | | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64 | — | | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x | — | | |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le | — | | |
A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x | — | | Vendor Fix |
A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64 | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64 | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64 | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64 | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x | — | | Vendor Fix, fix |
A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64 | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64 | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64 | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64 | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x | — | | Vendor Fix, fix, Workaround |
A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64 | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64 | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64 | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64 | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x | — | | Vendor Fix, fix |
A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64 | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64 | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64 | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64 | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x | — | | Vendor Fix, fix |
A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64 | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64 | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64 | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64 | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x | — | | Vendor Fix, fix |
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64 | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64 | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64 | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64 | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x | — | | Vendor Fix, fix, Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 2.17.7 for Red Hat OpenShift Service Mesh 3.2 is now available.\nAn update is now available for Red Hat OpenShift Service Mesh 3.2. This advisory contains the RPM packages for the Kiali component.\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 2.17.7, for Red Hat OpenShift Service Mesh 3.2, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.\n\nSecurity Fix(es):\n\n* CVE-2026-32280 Go: Denial of Service vulnerability in certificate chain building (OSSM-13248)\n* CVE-2026-40895 follow-redirects: Information disclosure via cross-domain redirects (OSSM-13556, OSSM-13560)\n* CVE-2026-42033 Axios: HTTP Transport Hijacking via Prototype Pollution (OSSM-13693, OSSM-13697)\n* CVE-2026-42035 Axios: Arbitrary HTTP header injection via prototype pollution (OSSM-13604, OSSM-13605)\n* CVE-2026-42043 Axios: NO_PROXY bypass via crafted URL (OSSM-13715, OSSM-13719)\n* CVE-2026-42039 Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data (OSSM-13729, OSSM-13733)\n* CVE-2026-42041 Axios: Authentication bypass due to prototype pollution of HTTP error handling (OSSM-13743, OSSM-13747)\n* CVE-2026-42044 Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget (OSSM-13784, OSSM-13785)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:16535",
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62718",
"url": "https://access.redhat.com/security/cve/CVE-2025-62718"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29063",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29074",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40175",
"url": "https://access.redhat.com/security/cve/CVE-2026-40175"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40895",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42033",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42035",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42039",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42041",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42043",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4800",
"url": "https://access.redhat.com/security/cve/CVE-2026-4800"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_16535.json"
}
],
"title": "Red Hat Security Advisory: Kiali 2.17.7 for Red Hat OpenShift Service Mesh 3.2",
"tracking": {
"current_release_date": "2026-06-23T17:45:53+00:00",
"generator": {
"date": "2026-06-23T17:45:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:16535",
"initial_release_date": "2026-05-12T21:06:57+00:00",
"revision_history": [
{
"date": "2026-05-12T21:06:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-12T21:07:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-23T17:45:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.2",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163909"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Aaf21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163792"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163909"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163792"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163909"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Acc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163792"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Af8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163909"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Ab4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163792"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:57+00:00",
"details": "See Kiali 2.17.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-40895",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2026-04-21T21:02:33.280553+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460297"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "RHBZ#2460297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460297"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40895",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40895"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653"
}
],
"release_date": "2026-04-21T19:59:59.759000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:57+00:00",
"details": "See Kiali 2.17.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects"
},
{
"cve": "CVE-2026-42033",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:20.937507+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461607"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "RHBZ#2461607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"
}
],
"release_date": "2026-04-24T17:36:44.132000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:57+00:00",
"details": "See Kiali 2.17.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution"
},
{
"cve": "CVE-2026-42035",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:17.109481+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application\u0027s core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Arbitrary HTTP header injection via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "RHBZ#2461606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"
}
],
"release_date": "2026-04-24T17:38:07.752000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:57+00:00",
"details": "See Kiali 2.17.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios: Arbitrary HTTP header injection via prototype pollution"
},
{
"cve": "CVE-2026-42039",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T19:01:44.887156+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "RHBZ#2461630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"
}
],
"release_date": "2026-04-24T18:01:30.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:57+00:00",
"details": "See Kiali 2.17.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data"
},
{
"cve": "CVE-2026-42041",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:41.034289+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "RHBZ#2461629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63",
"url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
}
],
"release_date": "2026-04-24T17:55:30.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:57+00:00",
"details": "See Kiali 2.17.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling"
},
{
"cve": "CVE-2026-42043",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-04-24T19:01:22.552379+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461626"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: NO_PROXY bypass via crafted URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "RHBZ#2461626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
}
],
"release_date": "2026-04-24T17:54:42.668000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:57+00:00",
"details": "See Kiali 2.17.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: NO_PROXY bypass via crafted URL"
},
{
"cve": "CVE-2026-42044",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:13.418725+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "RHBZ#2461624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"release_date": "2026-04-24T17:49:49.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:57+00:00",
"details": "See Kiali 2.17.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
}
]
}
RHSA-2026:16537
Vulnerability from csaf_redhat - Published: 2026-05-12 21:15 - Updated: 2026-06-23 17:45

A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2385f2106783290403877b812edea67f861f3ebcc3b6990b070b62e94fc6dbdf_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:555317d71a6322173962d8fc912421edd6d79cd39c55d8cc9a36d1b635f9e099_s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b381c0445928f2bdbdc4ca276b78c16ae1a6e19fca4d66a4d972c323c70570bb_ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f977fd5abad71842f5e0e8b805ad4a1003b8dd466a39c314b2a5b9b125e567e1_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:09219031e9c23053aea4a582d12f8feba24acceac0d4525e3a407239492a8810_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:4db6e30d909f0c9605e51f4057284264bcad79a959428ad219b142af21e267e2_ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:861d0a488fbced512a91df6e75ae6fd14fbefdeab4b7096b7e43f6f10c35de5c_s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:df991997aaf4a8ca43f4938becd43520acd11de06ab101083c0a33486886f3aa_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1b0467f4bdad9faed783036e6229b56a50111973063bcf4aaf3a602c8eeabe62_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:36d45c48ce39777c0b6229949c14df18b4200b59a581ff642b30f16dfbdab09a_s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:50e5ed85ca682a6fefba0fa0138ef2aedf845fd2457c5beaf25a100f814b56c7_ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ae3beff03ea771b020631e5bc7e778c84e8a0cdeffb10af5d3f8f6409b85206d_arm64 | — | | Vendor Fix, Workaround |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:204d15ed8b8bd170daba79fbd99861c61776df5069d2288c64781993daaca2f0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2ca3bffba0b8f40fafcdeef1ce73da401175b3ce3893ac176f7f0ce7e9c95ac1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:42422f5a7654c8897d554844ee2923c58ac3ebf3b23d9c11a582537e67541c99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e469542b539575c40b1dd916f0ff1d811c5219fc42cc986f2b67a4b58661b4a7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:40f40b8b068f72525ffd293d13d24acd5172c000691cbedd7e398202872bef1c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7015daf9e74ca4bfece7ddbc1766a18d401fd0f90cd4a9b93d6c397cabd9c35f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9a33d18d2482eeb76a7ebd10404e54d5556cdf98d0f4fdbf54facda4ce3a8fbf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:eaaccb1bf78df88abc6f2b16d440b24773240701aa6fef039e776e82481bc159_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:23257a094ce3fd6ec95bae0d8185ad7e17a5bf838bfc81a50375207e9a309c2d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3ca7c5243b014d9924fd98aa03756e52839c4ba80843b1a08563509bf98d06d8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:5684e84fb340fed6333e2f41a2a4aaa4612aaf77bb2403bf17f117d5177ad389_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ef9ab6a6c108014df3a755c4b8b72eb9dce20a13e287ecb139100188b4d8678a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f00ee1b029961c307f294d3265699cacb16a9e055e65acabcd996b8ab479ee49_arm64 | — |
Workaround
|
A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.3.3\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.3.3, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nSecurity Fix(es):\n\n* istio-proxyv2-rhel9: Possible memory corruption after bound check elimination (CVE-2026-27143)\n\n* istio-pilot-rhel9: Possible memory corruption after bound check elimination (CVE-2026-27143)\n\n* istio-cni-rhel9: Possible memory corruption after bound check elimination (CVE-2026-27143)\n\n* istio-rhel9-operator: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* istio-proxyv2-rhel9: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* istio-pilot-rhel9: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* istio-cni-rhel9: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* istio-rhel9-operator: Denial of service in certificate chain building when using Go applications (CVE-2026-32280)\n\n* istio-pilot-rhel9: Denial of service in certificate chain building when using Go applications (CVE-2026-32280)\n\n* istio-cni-rhel9: Denial of service in certificate chain building when using Go applications (CVE-2026-32280)\n\nFixes/Improvements:\n\n* OSSM 3 Operator icon missing from OperatorHub catalog in OCP console (OSSM-13028)\n\n* Applying proxy configuration takes a long time on the FIPS cluster (OSSM-12929)\n\n* Revert changes done for OSSM-12845 (OSSM-13222)\n\n* Revert changes done for OSSM-12930 (OSSM-13223)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:16537",
"url": "https://access.redhat.com/errata/RHSA-2026:16537"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27143",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27144",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-27143",
"url": "https://access.redhat.com/security/cve/cve-2026-27143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-27144",
"url": "https://access.redhat.com/security/cve/cve-2026-27144"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-32280",
"url": "https://access.redhat.com/security/cve/cve-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_16537.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.3.3",
"tracking": {
"current_release_date": "2026-06-23T17:45:54+00:00",
"generator": {
"date": "2026-06-23T17:45:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:16537",
"initial_release_date": "2026-05-12T21:15:57+00:00",
"revision_history": [
{
"date": "2026-05-12T21:15:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-12T21:16:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-23T17:45:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.3",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.3::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:23257a094ce3fd6ec95bae0d8185ad7e17a5bf838bfc81a50375207e9a309c2d_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:23257a094ce3fd6ec95bae0d8185ad7e17a5bf838bfc81a50375207e9a309c2d_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:23257a094ce3fd6ec95bae0d8185ad7e17a5bf838bfc81a50375207e9a309c2d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3A23257a094ce3fd6ec95bae0d8185ad7e17a5bf838bfc81a50375207e9a309c2d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778154600"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f977fd5abad71842f5e0e8b805ad4a1003b8dd466a39c314b2a5b9b125e567e1_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f977fd5abad71842f5e0e8b805ad4a1003b8dd466a39c314b2a5b9b125e567e1_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f977fd5abad71842f5e0e8b805ad4a1003b8dd466a39c314b2a5b9b125e567e1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Af977fd5abad71842f5e0e8b805ad4a1003b8dd466a39c314b2a5b9b125e567e1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778007548"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:204d15ed8b8bd170daba79fbd99861c61776df5069d2288c64781993daaca2f0_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:204d15ed8b8bd170daba79fbd99861c61776df5069d2288c64781993daaca2f0_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:204d15ed8b8bd170daba79fbd99861c61776df5069d2288c64781993daaca2f0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A204d15ed8b8bd170daba79fbd99861c61776df5069d2288c64781993daaca2f0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778094380"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9a33d18d2482eeb76a7ebd10404e54d5556cdf98d0f4fdbf54facda4ce3a8fbf_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9a33d18d2482eeb76a7ebd10404e54d5556cdf98d0f4fdbf54facda4ce3a8fbf_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9a33d18d2482eeb76a7ebd10404e54d5556cdf98d0f4fdbf54facda4ce3a8fbf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A9a33d18d2482eeb76a7ebd10404e54d5556cdf98d0f4fdbf54facda4ce3a8fbf?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778151060"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:df991997aaf4a8ca43f4938becd43520acd11de06ab101083c0a33486886f3aa_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:df991997aaf4a8ca43f4938becd43520acd11de06ab101083c0a33486886f3aa_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:df991997aaf4a8ca43f4938becd43520acd11de06ab101083c0a33486886f3aa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Adf991997aaf4a8ca43f4938becd43520acd11de06ab101083c0a33486886f3aa?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778007569"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1b0467f4bdad9faed783036e6229b56a50111973063bcf4aaf3a602c8eeabe62_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1b0467f4bdad9faed783036e6229b56a50111973063bcf4aaf3a602c8eeabe62_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1b0467f4bdad9faed783036e6229b56a50111973063bcf4aaf3a602c8eeabe62_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A1b0467f4bdad9faed783036e6229b56a50111973063bcf4aaf3a602c8eeabe62?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778012399"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3ca7c5243b014d9924fd98aa03756e52839c4ba80843b1a08563509bf98d06d8_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3ca7c5243b014d9924fd98aa03756e52839c4ba80843b1a08563509bf98d06d8_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3ca7c5243b014d9924fd98aa03756e52839c4ba80843b1a08563509bf98d06d8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A3ca7c5243b014d9924fd98aa03756e52839c4ba80843b1a08563509bf98d06d8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778088671"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2385f2106783290403877b812edea67f861f3ebcc3b6990b070b62e94fc6dbdf_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2385f2106783290403877b812edea67f861f3ebcc3b6990b070b62e94fc6dbdf_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2385f2106783290403877b812edea67f861f3ebcc3b6990b070b62e94fc6dbdf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A2385f2106783290403877b812edea67f861f3ebcc3b6990b070b62e94fc6dbdf?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778007548"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2ca3bffba0b8f40fafcdeef1ce73da401175b3ce3893ac176f7f0ce7e9c95ac1_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2ca3bffba0b8f40fafcdeef1ce73da401175b3ce3893ac176f7f0ce7e9c95ac1_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2ca3bffba0b8f40fafcdeef1ce73da401175b3ce3893ac176f7f0ce7e9c95ac1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A2ca3bffba0b8f40fafcdeef1ce73da401175b3ce3893ac176f7f0ce7e9c95ac1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778094380"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:40f40b8b068f72525ffd293d13d24acd5172c000691cbedd7e398202872bef1c_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:40f40b8b068f72525ffd293d13d24acd5172c000691cbedd7e398202872bef1c_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:40f40b8b068f72525ffd293d13d24acd5172c000691cbedd7e398202872bef1c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A40f40b8b068f72525ffd293d13d24acd5172c000691cbedd7e398202872bef1c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778151060"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:09219031e9c23053aea4a582d12f8feba24acceac0d4525e3a407239492a8810_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:09219031e9c23053aea4a582d12f8feba24acceac0d4525e3a407239492a8810_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:09219031e9c23053aea4a582d12f8feba24acceac0d4525e3a407239492a8810_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A09219031e9c23053aea4a582d12f8feba24acceac0d4525e3a407239492a8810?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778007569"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ae3beff03ea771b020631e5bc7e778c84e8a0cdeffb10af5d3f8f6409b85206d_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ae3beff03ea771b020631e5bc7e778c84e8a0cdeffb10af5d3f8f6409b85206d_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ae3beff03ea771b020631e5bc7e778c84e8a0cdeffb10af5d3f8f6409b85206d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Aae3beff03ea771b020631e5bc7e778c84e8a0cdeffb10af5d3f8f6409b85206d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778012399"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f00ee1b029961c307f294d3265699cacb16a9e055e65acabcd996b8ab479ee49_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f00ee1b029961c307f294d3265699cacb16a9e055e65acabcd996b8ab479ee49_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f00ee1b029961c307f294d3265699cacb16a9e055e65acabcd996b8ab479ee49_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Af00ee1b029961c307f294d3265699cacb16a9e055e65acabcd996b8ab479ee49?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778088671"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b381c0445928f2bdbdc4ca276b78c16ae1a6e19fca4d66a4d972c323c70570bb_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b381c0445928f2bdbdc4ca276b78c16ae1a6e19fca4d66a4d972c323c70570bb_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b381c0445928f2bdbdc4ca276b78c16ae1a6e19fca4d66a4d972c323c70570bb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Ab381c0445928f2bdbdc4ca276b78c16ae1a6e19fca4d66a4d972c323c70570bb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778007548"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:42422f5a7654c8897d554844ee2923c58ac3ebf3b23d9c11a582537e67541c99_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:42422f5a7654c8897d554844ee2923c58ac3ebf3b23d9c11a582537e67541c99_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:42422f5a7654c8897d554844ee2923c58ac3ebf3b23d9c11a582537e67541c99_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A42422f5a7654c8897d554844ee2923c58ac3ebf3b23d9c11a582537e67541c99?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778094380"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:eaaccb1bf78df88abc6f2b16d440b24773240701aa6fef039e776e82481bc159_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:eaaccb1bf78df88abc6f2b16d440b24773240701aa6fef039e776e82481bc159_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:eaaccb1bf78df88abc6f2b16d440b24773240701aa6fef039e776e82481bc159_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Aeaaccb1bf78df88abc6f2b16d440b24773240701aa6fef039e776e82481bc159?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778151060"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:4db6e30d909f0c9605e51f4057284264bcad79a959428ad219b142af21e267e2_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:4db6e30d909f0c9605e51f4057284264bcad79a959428ad219b142af21e267e2_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:4db6e30d909f0c9605e51f4057284264bcad79a959428ad219b142af21e267e2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A4db6e30d909f0c9605e51f4057284264bcad79a959428ad219b142af21e267e2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778007569"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:50e5ed85ca682a6fefba0fa0138ef2aedf845fd2457c5beaf25a100f814b56c7_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:50e5ed85ca682a6fefba0fa0138ef2aedf845fd2457c5beaf25a100f814b56c7_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:50e5ed85ca682a6fefba0fa0138ef2aedf845fd2457c5beaf25a100f814b56c7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A50e5ed85ca682a6fefba0fa0138ef2aedf845fd2457c5beaf25a100f814b56c7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778012399"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ef9ab6a6c108014df3a755c4b8b72eb9dce20a13e287ecb139100188b4d8678a_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ef9ab6a6c108014df3a755c4b8b72eb9dce20a13e287ecb139100188b4d8678a_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ef9ab6a6c108014df3a755c4b8b72eb9dce20a13e287ecb139100188b4d8678a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Aef9ab6a6c108014df3a755c4b8b72eb9dce20a13e287ecb139100188b4d8678a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778088671"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:555317d71a6322173962d8fc912421edd6d79cd39c55d8cc9a36d1b635f9e099_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:555317d71a6322173962d8fc912421edd6d79cd39c55d8cc9a36d1b635f9e099_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:555317d71a6322173962d8fc912421edd6d79cd39c55d8cc9a36d1b635f9e099_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A555317d71a6322173962d8fc912421edd6d79cd39c55d8cc9a36d1b635f9e099?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778007548"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e469542b539575c40b1dd916f0ff1d811c5219fc42cc986f2b67a4b58661b4a7_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e469542b539575c40b1dd916f0ff1d811c5219fc42cc986f2b67a4b58661b4a7_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e469542b539575c40b1dd916f0ff1d811c5219fc42cc986f2b67a4b58661b4a7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Ae469542b539575c40b1dd916f0ff1d811c5219fc42cc986f2b67a4b58661b4a7?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778094380"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7015daf9e74ca4bfece7ddbc1766a18d401fd0f90cd4a9b93d6c397cabd9c35f_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7015daf9e74ca4bfece7ddbc1766a18d401fd0f90cd4a9b93d6c397cabd9c35f_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7015daf9e74ca4bfece7ddbc1766a18d401fd0f90cd4a9b93d6c397cabd9c35f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A7015daf9e74ca4bfece7ddbc1766a18d401fd0f90cd4a9b93d6c397cabd9c35f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778151060"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:861d0a488fbced512a91df6e75ae6fd14fbefdeab4b7096b7e43f6f10c35de5c_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:861d0a488fbced512a91df6e75ae6fd14fbefdeab4b7096b7e43f6f10c35de5c_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:861d0a488fbced512a91df6e75ae6fd14fbefdeab4b7096b7e43f6f10c35de5c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A861d0a488fbced512a91df6e75ae6fd14fbefdeab4b7096b7e43f6f10c35de5c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778007569"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:36d45c48ce39777c0b6229949c14df18b4200b59a581ff642b30f16dfbdab09a_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:36d45c48ce39777c0b6229949c14df18b4200b59a581ff642b30f16dfbdab09a_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:36d45c48ce39777c0b6229949c14df18b4200b59a581ff642b30f16dfbdab09a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A36d45c48ce39777c0b6229949c14df18b4200b59a581ff642b30f16dfbdab09a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778012399"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:5684e84fb340fed6333e2f41a2a4aaa4612aaf77bb2403bf17f117d5177ad389_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:5684e84fb340fed6333e2f41a2a4aaa4612aaf77bb2403bf17f117d5177ad389_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:5684e84fb340fed6333e2f41a2a4aaa4612aaf77bb2403bf17f117d5177ad389_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A5684e84fb340fed6333e2f41a2a4aaa4612aaf77bb2403bf17f117d5177ad389?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778088671"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2385f2106783290403877b812edea67f861f3ebcc3b6990b070b62e94fc6dbdf_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2385f2106783290403877b812edea67f861f3ebcc3b6990b070b62e94fc6dbdf_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2385f2106783290403877b812edea67f861f3ebcc3b6990b070b62e94fc6dbdf_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:555317d71a6322173962d8fc912421edd6d79cd39c55d8cc9a36d1b635f9e099_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:555317d71a6322173962d8fc912421edd6d79cd39c55d8cc9a36d1b635f9e099_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:555317d71a6322173962d8fc912421edd6d79cd39c55d8cc9a36d1b635f9e099_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b381c0445928f2bdbdc4ca276b78c16ae1a6e19fca4d66a4d972c323c70570bb_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b381c0445928f2bdbdc4ca276b78c16ae1a6e19fca4d66a4d972c323c70570bb_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b381c0445928f2bdbdc4ca276b78c16ae1a6e19fca4d66a4d972c323c70570bb_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f977fd5abad71842f5e0e8b805ad4a1003b8dd466a39c314b2a5b9b125e567e1_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f977fd5abad71842f5e0e8b805ad4a1003b8dd466a39c314b2a5b9b125e567e1_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f977fd5abad71842f5e0e8b805ad4a1003b8dd466a39c314b2a5b9b125e567e1_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:204d15ed8b8bd170daba79fbd99861c61776df5069d2288c64781993daaca2f0_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:204d15ed8b8bd170daba79fbd99861c61776df5069d2288c64781993daaca2f0_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:204d15ed8b8bd170daba79fbd99861c61776df5069d2288c64781993daaca2f0_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2ca3bffba0b8f40fafcdeef1ce73da401175b3ce3893ac176f7f0ce7e9c95ac1_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2ca3bffba0b8f40fafcdeef1ce73da401175b3ce3893ac176f7f0ce7e9c95ac1_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2ca3bffba0b8f40fafcdeef1ce73da401175b3ce3893ac176f7f0ce7e9c95ac1_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:42422f5a7654c8897d554844ee2923c58ac3ebf3b23d9c11a582537e67541c99_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:42422f5a7654c8897d554844ee2923c58ac3ebf3b23d9c11a582537e67541c99_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:42422f5a7654c8897d554844ee2923c58ac3ebf3b23d9c11a582537e67541c99_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e469542b539575c40b1dd916f0ff1d811c5219fc42cc986f2b67a4b58661b4a7_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e469542b539575c40b1dd916f0ff1d811c5219fc42cc986f2b67a4b58661b4a7_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e469542b539575c40b1dd916f0ff1d811c5219fc42cc986f2b67a4b58661b4a7_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:09219031e9c23053aea4a582d12f8feba24acceac0d4525e3a407239492a8810_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:09219031e9c23053aea4a582d12f8feba24acceac0d4525e3a407239492a8810_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:09219031e9c23053aea4a582d12f8feba24acceac0d4525e3a407239492a8810_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:4db6e30d909f0c9605e51f4057284264bcad79a959428ad219b142af21e267e2_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:4db6e30d909f0c9605e51f4057284264bcad79a959428ad219b142af21e267e2_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:4db6e30d909f0c9605e51f4057284264bcad79a959428ad219b142af21e267e2_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:861d0a488fbced512a91df6e75ae6fd14fbefdeab4b7096b7e43f6f10c35de5c_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:861d0a488fbced512a91df6e75ae6fd14fbefdeab4b7096b7e43f6f10c35de5c_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:861d0a488fbced512a91df6e75ae6fd14fbefdeab4b7096b7e43f6f10c35de5c_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:df991997aaf4a8ca43f4938becd43520acd11de06ab101083c0a33486886f3aa_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:df991997aaf4a8ca43f4938becd43520acd11de06ab101083c0a33486886f3aa_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:df991997aaf4a8ca43f4938becd43520acd11de06ab101083c0a33486886f3aa_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1b0467f4bdad9faed783036e6229b56a50111973063bcf4aaf3a602c8eeabe62_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1b0467f4bdad9faed783036e6229b56a50111973063bcf4aaf3a602c8eeabe62_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1b0467f4bdad9faed783036e6229b56a50111973063bcf4aaf3a602c8eeabe62_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:36d45c48ce39777c0b6229949c14df18b4200b59a581ff642b30f16dfbdab09a_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:36d45c48ce39777c0b6229949c14df18b4200b59a581ff642b30f16dfbdab09a_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:36d45c48ce39777c0b6229949c14df18b4200b59a581ff642b30f16dfbdab09a_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:50e5ed85ca682a6fefba0fa0138ef2aedf845fd2457c5beaf25a100f814b56c7_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:50e5ed85ca682a6fefba0fa0138ef2aedf845fd2457c5beaf25a100f814b56c7_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:50e5ed85ca682a6fefba0fa0138ef2aedf845fd2457c5beaf25a100f814b56c7_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ae3beff03ea771b020631e5bc7e778c84e8a0cdeffb10af5d3f8f6409b85206d_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ae3beff03ea771b020631e5bc7e778c84e8a0cdeffb10af5d3f8f6409b85206d_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ae3beff03ea771b020631e5bc7e778c84e8a0cdeffb10af5d3f8f6409b85206d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:40f40b8b068f72525ffd293d13d24acd5172c000691cbedd7e398202872bef1c_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:40f40b8b068f72525ffd293d13d24acd5172c000691cbedd7e398202872bef1c_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:40f40b8b068f72525ffd293d13d24acd5172c000691cbedd7e398202872bef1c_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7015daf9e74ca4bfece7ddbc1766a18d401fd0f90cd4a9b93d6c397cabd9c35f_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7015daf9e74ca4bfece7ddbc1766a18d401fd0f90cd4a9b93d6c397cabd9c35f_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7015daf9e74ca4bfece7ddbc1766a18d401fd0f90cd4a9b93d6c397cabd9c35f_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9a33d18d2482eeb76a7ebd10404e54d5556cdf98d0f4fdbf54facda4ce3a8fbf_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9a33d18d2482eeb76a7ebd10404e54d5556cdf98d0f4fdbf54facda4ce3a8fbf_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9a33d18d2482eeb76a7ebd10404e54d5556cdf98d0f4fdbf54facda4ce3a8fbf_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:eaaccb1bf78df88abc6f2b16d440b24773240701aa6fef039e776e82481bc159_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:eaaccb1bf78df88abc6f2b16d440b24773240701aa6fef039e776e82481bc159_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:eaaccb1bf78df88abc6f2b16d440b24773240701aa6fef039e776e82481bc159_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:23257a094ce3fd6ec95bae0d8185ad7e17a5bf838bfc81a50375207e9a309c2d_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:23257a094ce3fd6ec95bae0d8185ad7e17a5bf838bfc81a50375207e9a309c2d_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:23257a094ce3fd6ec95bae0d8185ad7e17a5bf838bfc81a50375207e9a309c2d_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3ca7c5243b014d9924fd98aa03756e52839c4ba80843b1a08563509bf98d06d8_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3ca7c5243b014d9924fd98aa03756e52839c4ba80843b1a08563509bf98d06d8_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3ca7c5243b014d9924fd98aa03756e52839c4ba80843b1a08563509bf98d06d8_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:5684e84fb340fed6333e2f41a2a4aaa4612aaf77bb2403bf17f117d5177ad389_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:5684e84fb340fed6333e2f41a2a4aaa4612aaf77bb2403bf17f117d5177ad389_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:5684e84fb340fed6333e2f41a2a4aaa4612aaf77bb2403bf17f117d5177ad389_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ef9ab6a6c108014df3a755c4b8b72eb9dce20a13e287ecb139100188b4d8678a_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ef9ab6a6c108014df3a755c4b8b72eb9dce20a13e287ecb139100188b4d8678a_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ef9ab6a6c108014df3a755c4b8b72eb9dce20a13e287ecb139100188b4d8678a_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f00ee1b029961c307f294d3265699cacb16a9e055e65acabcd996b8ab479ee49_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f00ee1b029961c307f294d3265699cacb16a9e055e65acabcd996b8ab479ee49_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f00ee1b029961c307f294d3265699cacb16a9e055e65acabcd996b8ab479ee49_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27143",
"cwe": {
"id": "CWE-733",
"name": "Compiler Optimization Removal or Modification of Security-critical Code"
},
"discovery_date": "2026-04-08T02:01:29.491546+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:204d15ed8b8bd170daba79fbd99861c61776df5069d2288c64781993daaca2f0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2ca3bffba0b8f40fafcdeef1ce73da401175b3ce3893ac176f7f0ce7e9c95ac1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:42422f5a7654c8897d554844ee2923c58ac3ebf3b23d9c11a582537e67541c99_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e469542b539575c40b1dd916f0ff1d811c5219fc42cc986f2b67a4b58661b4a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:40f40b8b068f72525ffd293d13d24acd5172c000691cbedd7e398202872bef1c_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7015daf9e74ca4bfece7ddbc1766a18d401fd0f90cd4a9b93d6c397cabd9c35f_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9a33d18d2482eeb76a7ebd10404e54d5556cdf98d0f4fdbf54facda4ce3a8fbf_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:eaaccb1bf78df88abc6f2b16d440b24773240701aa6fef039e776e82481bc159_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:23257a094ce3fd6ec95bae0d8185ad7e17a5bf838bfc81a50375207e9a309c2d_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3ca7c5243b014d9924fd98aa03756e52839c4ba80843b1a08563509bf98d06d8_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:5684e84fb340fed6333e2f41a2a4aaa4612aaf77bb2403bf17f117d5177ad389_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ef9ab6a6c108014df3a755c4b8b72eb9dce20a13e287ecb139100188b4d8678a_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f00ee1b029961c307f294d3265699cacb16a9e055e65acabcd996b8ab479ee49_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: possible memory corruption after bound check elimination",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is only exploitable in applications that contain a loop structure that relies on an induction variable. An induction variable is a variable that gets modified, usually incremented or decremented, by a predictable amount on each iteration. Inside the loop, the induction variable must be directly used as the index to access or modify elements within an array or a slice. Additionally, an attacker must be able to cause an integer overflow or underflow in the induction variable to trigger this issue. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2385f2106783290403877b812edea67f861f3ebcc3b6990b070b62e94fc6dbdf_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:555317d71a6322173962d8fc912421edd6d79cd39c55d8cc9a36d1b635f9e099_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b381c0445928f2bdbdc4ca276b78c16ae1a6e19fca4d66a4d972c323c70570bb_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f977fd5abad71842f5e0e8b805ad4a1003b8dd466a39c314b2a5b9b125e567e1_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:09219031e9c23053aea4a582d12f8feba24acceac0d4525e3a407239492a8810_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:4db6e30d909f0c9605e51f4057284264bcad79a959428ad219b142af21e267e2_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:861d0a488fbced512a91df6e75ae6fd14fbefdeab4b7096b7e43f6f10c35de5c_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:df991997aaf4a8ca43f4938becd43520acd11de06ab101083c0a33486886f3aa_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1b0467f4bdad9faed783036e6229b56a50111973063bcf4aaf3a602c8eeabe62_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:36d45c48ce39777c0b6229949c14df18b4200b59a581ff642b30f16dfbdab09a_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:50e5ed85ca682a6fefba0fa0138ef2aedf845fd2457c5beaf25a100f814b56c7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ae3beff03ea771b020631e5bc7e778c84e8a0cdeffb10af5d3f8f6409b85206d_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:204d15ed8b8bd170daba79fbd99861c61776df5069d2288c64781993daaca2f0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2ca3bffba0b8f40fafcdeef1ce73da401175b3ce3893ac176f7f0ce7e9c95ac1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:42422f5a7654c8897d554844ee2923c58ac3ebf3b23d9c11a582537e67541c99_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e469542b539575c40b1dd916f0ff1d811c5219fc42cc986f2b67a4b58661b4a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:40f40b8b068f72525ffd293d13d24acd5172c000691cbedd7e398202872bef1c_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7015daf9e74ca4bfece7ddbc1766a18d401fd0f90cd4a9b93d6c397cabd9c35f_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9a33d18d2482eeb76a7ebd10404e54d5556cdf98d0f4fdbf54facda4ce3a8fbf_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:eaaccb1bf78df88abc6f2b16d440b24773240701aa6fef039e776e82481bc159_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:23257a094ce3fd6ec95bae0d8185ad7e17a5bf838bfc81a50375207e9a309c2d_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3ca7c5243b014d9924fd98aa03756e52839c4ba80843b1a08563509bf98d06d8_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:5684e84fb340fed6333e2f41a2a4aaa4612aaf77bb2403bf17f117d5177ad389_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ef9ab6a6c108014df3a755c4b8b72eb9dce20a13e287ecb139100188b4d8678a_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f00ee1b029961c307f294d3265699cacb16a9e055e65acabcd996b8ab479ee49_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "RHBZ#2456342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://go.dev/cl/763765",
"url": "https://go.dev/cl/763765"
},
{
"category": "external",
"summary": "https://go.dev/issue/78333",
"url": "https://go.dev/issue/78333"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4868",
"url": "https://pkg.go.dev/vuln/GO-2026-4868"
}
],
"release_date": "2026-04-08T01:06:57.168000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:15:57+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.3.3 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2385f2106783290403877b812edea67f861f3ebcc3b6990b070b62e94fc6dbdf_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:555317d71a6322173962d8fc912421edd6d79cd39c55d8cc9a36d1b635f9e099_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b381c0445928f2bdbdc4ca276b78c16ae1a6e19fca4d66a4d972c323c70570bb_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f977fd5abad71842f5e0e8b805ad4a1003b8dd466a39c314b2a5b9b125e567e1_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:09219031e9c23053aea4a582d12f8feba24acceac0d4525e3a407239492a8810_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:4db6e30d909f0c9605e51f4057284264bcad79a959428ad219b142af21e267e2_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:861d0a488fbced512a91df6e75ae6fd14fbefdeab4b7096b7e43f6f10c35de5c_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:df991997aaf4a8ca43f4938becd43520acd11de06ab101083c0a33486886f3aa_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1b0467f4bdad9faed783036e6229b56a50111973063bcf4aaf3a602c8eeabe62_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:36d45c48ce39777c0b6229949c14df18b4200b59a581ff642b30f16dfbdab09a_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:50e5ed85ca682a6fefba0fa0138ef2aedf845fd2457c5beaf25a100f814b56c7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ae3beff03ea771b020631e5bc7e778c84e8a0cdeffb10af5d3f8f6409b85206d_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16537"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, strictly sanitize and enforce bounds checking on any untrusted user input that influences loop counters, iteration limits, or memory indices. If there is no integer overflow or underflow, the out-of-bounds access cannot occur.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2385f2106783290403877b812edea67f861f3ebcc3b6990b070b62e94fc6dbdf_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:555317d71a6322173962d8fc912421edd6d79cd39c55d8cc9a36d1b635f9e099_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b381c0445928f2bdbdc4ca276b78c16ae1a6e19fca4d66a4d972c323c70570bb_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f977fd5abad71842f5e0e8b805ad4a1003b8dd466a39c314b2a5b9b125e567e1_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:204d15ed8b8bd170daba79fbd99861c61776df5069d2288c64781993daaca2f0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2ca3bffba0b8f40fafcdeef1ce73da401175b3ce3893ac176f7f0ce7e9c95ac1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:42422f5a7654c8897d554844ee2923c58ac3ebf3b23d9c11a582537e67541c99_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e469542b539575c40b1dd916f0ff1d811c5219fc42cc986f2b67a4b58661b4a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:09219031e9c23053aea4a582d12f8feba24acceac0d4525e3a407239492a8810_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:4db6e30d909f0c9605e51f4057284264bcad79a959428ad219b142af21e267e2_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:861d0a488fbced512a91df6e75ae6fd14fbefdeab4b7096b7e43f6f10c35de5c_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:df991997aaf4a8ca43f4938becd43520acd11de06ab101083c0a33486886f3aa_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1b0467f4bdad9faed783036e6229b56a50111973063bcf4aaf3a602c8eeabe62_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:36d45c48ce39777c0b6229949c14df18b4200b59a581ff642b30f16dfbdab09a_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:50e5ed85ca682a6fefba0fa0138ef2aedf845fd2457c5beaf25a100f814b56c7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ae3beff03ea771b020631e5bc7e778c84e8a0cdeffb10af5d3f8f6409b85206d_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:40f40b8b068f72525ffd293d13d24acd5172c000691cbedd7e398202872bef1c_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7015daf9e74ca4bfece7ddbc1766a18d401fd0f90cd4a9b93d6c397cabd9c35f_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9a33d18d2482eeb76a7ebd10404e54d5556cdf98d0f4fdbf54facda4ce3a8fbf_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:eaaccb1bf78df88abc6f2b16d440b24773240701aa6fef039e776e82481bc159_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:23257a094ce3fd6ec95bae0d8185ad7e17a5bf838bfc81a50375207e9a309c2d_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3ca7c5243b014d9924fd98aa03756e52839c4ba80843b1a08563509bf98d06d8_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:5684e84fb340fed6333e2f41a2a4aaa4612aaf77bb2403bf17f117d5177ad389_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ef9ab6a6c108014df3a755c4b8b72eb9dce20a13e287ecb139100188b4d8678a_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f00ee1b029961c307f294d3265699cacb16a9e055e65acabcd996b8ab479ee49_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2385f2106783290403877b812edea67f861f3ebcc3b6990b070b62e94fc6dbdf_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:555317d71a6322173962d8fc912421edd6d79cd39c55d8cc9a36d1b635f9e099_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b381c0445928f2bdbdc4ca276b78c16ae1a6e19fca4d66a4d972c323c70570bb_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f977fd5abad71842f5e0e8b805ad4a1003b8dd466a39c314b2a5b9b125e567e1_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:204d15ed8b8bd170daba79fbd99861c61776df5069d2288c64781993daaca2f0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2ca3bffba0b8f40fafcdeef1ce73da401175b3ce3893ac176f7f0ce7e9c95ac1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:42422f5a7654c8897d554844ee2923c58ac3ebf3b23d9c11a582537e67541c99_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e469542b539575c40b1dd916f0ff1d811c5219fc42cc986f2b67a4b58661b4a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:09219031e9c23053aea4a582d12f8feba24acceac0d4525e3a407239492a8810_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:4db6e30d909f0c9605e51f4057284264bcad79a959428ad219b142af21e267e2_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:861d0a488fbced512a91df6e75ae6fd14fbefdeab4b7096b7e43f6f10c35de5c_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:df991997aaf4a8ca43f4938becd43520acd11de06ab101083c0a33486886f3aa_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1b0467f4bdad9faed783036e6229b56a50111973063bcf4aaf3a602c8eeabe62_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:36d45c48ce39777c0b6229949c14df18b4200b59a581ff642b30f16dfbdab09a_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:50e5ed85ca682a6fefba0fa0138ef2aedf845fd2457c5beaf25a100f814b56c7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ae3beff03ea771b020631e5bc7e778c84e8a0cdeffb10af5d3f8f6409b85206d_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:40f40b8b068f72525ffd293d13d24acd5172c000691cbedd7e398202872bef1c_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7015daf9e74ca4bfece7ddbc1766a18d401fd0f90cd4a9b93d6c397cabd9c35f_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9a33d18d2482eeb76a7ebd10404e54d5556cdf98d0f4fdbf54facda4ce3a8fbf_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:eaaccb1bf78df88abc6f2b16d440b24773240701aa6fef039e776e82481bc159_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:23257a094ce3fd6ec95bae0d8185ad7e17a5bf838bfc81a50375207e9a309c2d_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3ca7c5243b014d9924fd98aa03756e52839c4ba80843b1a08563509bf98d06d8_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:5684e84fb340fed6333e2f41a2a4aaa4612aaf77bb2403bf17f117d5177ad389_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ef9ab6a6c108014df3a755c4b8b72eb9dce20a13e287ecb139100188b4d8678a_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f00ee1b029961c307f294d3265699cacb16a9e055e65acabcd996b8ab479ee49_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: possible memory corruption after bound check elimination"
},
{
"cve": "CVE-2026-27144",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2026-04-08T02:01:22.896153+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:204d15ed8b8bd170daba79fbd99861c61776df5069d2288c64781993daaca2f0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2ca3bffba0b8f40fafcdeef1ce73da401175b3ce3893ac176f7f0ce7e9c95ac1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:42422f5a7654c8897d554844ee2923c58ac3ebf3b23d9c11a582537e67541c99_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e469542b539575c40b1dd916f0ff1d811c5219fc42cc986f2b67a4b58661b4a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:23257a094ce3fd6ec95bae0d8185ad7e17a5bf838bfc81a50375207e9a309c2d_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3ca7c5243b014d9924fd98aa03756e52839c4ba80843b1a08563509bf98d06d8_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:5684e84fb340fed6333e2f41a2a4aaa4612aaf77bb2403bf17f117d5177ad389_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ef9ab6a6c108014df3a755c4b8b72eb9dce20a13e287ecb139100188b4d8678a_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f00ee1b029961c307f294d3265699cacb16a9e055e65acabcd996b8ab479ee49_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: no-op interface conversion bypasses overlap checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is only exploitable in applications that contain a memory move or copy operation that is subject to a no-op (no-operation) interface conversion. Furthermore, the source and destination memory addresses involved in the move or copy must overlap and an attacker must be able to supply an input that triggers this specific operation. For these reasons, this flaw has been rated as moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2385f2106783290403877b812edea67f861f3ebcc3b6990b070b62e94fc6dbdf_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:555317d71a6322173962d8fc912421edd6d79cd39c55d8cc9a36d1b635f9e099_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b381c0445928f2bdbdc4ca276b78c16ae1a6e19fca4d66a4d972c323c70570bb_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f977fd5abad71842f5e0e8b805ad4a1003b8dd466a39c314b2a5b9b125e567e1_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:09219031e9c23053aea4a582d12f8feba24acceac0d4525e3a407239492a8810_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:4db6e30d909f0c9605e51f4057284264bcad79a959428ad219b142af21e267e2_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:861d0a488fbced512a91df6e75ae6fd14fbefdeab4b7096b7e43f6f10c35de5c_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:df991997aaf4a8ca43f4938becd43520acd11de06ab101083c0a33486886f3aa_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1b0467f4bdad9faed783036e6229b56a50111973063bcf4aaf3a602c8eeabe62_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:36d45c48ce39777c0b6229949c14df18b4200b59a581ff642b30f16dfbdab09a_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:50e5ed85ca682a6fefba0fa0138ef2aedf845fd2457c5beaf25a100f814b56c7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ae3beff03ea771b020631e5bc7e778c84e8a0cdeffb10af5d3f8f6409b85206d_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:40f40b8b068f72525ffd293d13d24acd5172c000691cbedd7e398202872bef1c_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7015daf9e74ca4bfece7ddbc1766a18d401fd0f90cd4a9b93d6c397cabd9c35f_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9a33d18d2482eeb76a7ebd10404e54d5556cdf98d0f4fdbf54facda4ce3a8fbf_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:eaaccb1bf78df88abc6f2b16d440b24773240701aa6fef039e776e82481bc159_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:204d15ed8b8bd170daba79fbd99861c61776df5069d2288c64781993daaca2f0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2ca3bffba0b8f40fafcdeef1ce73da401175b3ce3893ac176f7f0ce7e9c95ac1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:42422f5a7654c8897d554844ee2923c58ac3ebf3b23d9c11a582537e67541c99_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e469542b539575c40b1dd916f0ff1d811c5219fc42cc986f2b67a4b58661b4a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:23257a094ce3fd6ec95bae0d8185ad7e17a5bf838bfc81a50375207e9a309c2d_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3ca7c5243b014d9924fd98aa03756e52839c4ba80843b1a08563509bf98d06d8_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:5684e84fb340fed6333e2f41a2a4aaa4612aaf77bb2403bf17f117d5177ad389_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ef9ab6a6c108014df3a755c4b8b72eb9dce20a13e287ecb139100188b4d8678a_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f00ee1b029961c307f294d3265699cacb16a9e055e65acabcd996b8ab479ee49_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "RHBZ#2456340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://go.dev/cl/763764",
"url": "https://go.dev/cl/763764"
},
{
"category": "external",
"summary": "https://go.dev/issue/78371",
"url": "https://go.dev/issue/78371"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4867",
"url": "https://pkg.go.dev/vuln/GO-2026-4867"
}
],
"release_date": "2026-04-08T01:06:56.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:15:57+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.3.3 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2385f2106783290403877b812edea67f861f3ebcc3b6990b070b62e94fc6dbdf_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:555317d71a6322173962d8fc912421edd6d79cd39c55d8cc9a36d1b635f9e099_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b381c0445928f2bdbdc4ca276b78c16ae1a6e19fca4d66a4d972c323c70570bb_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f977fd5abad71842f5e0e8b805ad4a1003b8dd466a39c314b2a5b9b125e567e1_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:09219031e9c23053aea4a582d12f8feba24acceac0d4525e3a407239492a8810_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:4db6e30d909f0c9605e51f4057284264bcad79a959428ad219b142af21e267e2_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:861d0a488fbced512a91df6e75ae6fd14fbefdeab4b7096b7e43f6f10c35de5c_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:df991997aaf4a8ca43f4938becd43520acd11de06ab101083c0a33486886f3aa_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1b0467f4bdad9faed783036e6229b56a50111973063bcf4aaf3a602c8eeabe62_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:36d45c48ce39777c0b6229949c14df18b4200b59a581ff642b30f16dfbdab09a_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:50e5ed85ca682a6fefba0fa0138ef2aedf845fd2457c5beaf25a100f814b56c7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ae3beff03ea771b020631e5bc7e778c84e8a0cdeffb10af5d3f8f6409b85206d_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:40f40b8b068f72525ffd293d13d24acd5172c000691cbedd7e398202872bef1c_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7015daf9e74ca4bfece7ddbc1766a18d401fd0f90cd4a9b93d6c397cabd9c35f_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9a33d18d2482eeb76a7ebd10404e54d5556cdf98d0f4fdbf54facda4ce3a8fbf_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:eaaccb1bf78df88abc6f2b16d440b24773240701aa6fef039e776e82481bc159_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16537"
},
{
"category": "workaround",
"details": "To mitigate this issue, review code that performs memory copies or struct assignments. If data is being passed through an interface (such as \u0027any\u0027 or \u0027interface{}\u0027) just before a move operation, refactor the code to use concrete types or explicit pointers instead.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2385f2106783290403877b812edea67f861f3ebcc3b6990b070b62e94fc6dbdf_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:555317d71a6322173962d8fc912421edd6d79cd39c55d8cc9a36d1b635f9e099_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b381c0445928f2bdbdc4ca276b78c16ae1a6e19fca4d66a4d972c323c70570bb_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f977fd5abad71842f5e0e8b805ad4a1003b8dd466a39c314b2a5b9b125e567e1_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:204d15ed8b8bd170daba79fbd99861c61776df5069d2288c64781993daaca2f0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2ca3bffba0b8f40fafcdeef1ce73da401175b3ce3893ac176f7f0ce7e9c95ac1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:42422f5a7654c8897d554844ee2923c58ac3ebf3b23d9c11a582537e67541c99_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e469542b539575c40b1dd916f0ff1d811c5219fc42cc986f2b67a4b58661b4a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:09219031e9c23053aea4a582d12f8feba24acceac0d4525e3a407239492a8810_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:4db6e30d909f0c9605e51f4057284264bcad79a959428ad219b142af21e267e2_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:861d0a488fbced512a91df6e75ae6fd14fbefdeab4b7096b7e43f6f10c35de5c_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:df991997aaf4a8ca43f4938becd43520acd11de06ab101083c0a33486886f3aa_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1b0467f4bdad9faed783036e6229b56a50111973063bcf4aaf3a602c8eeabe62_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:36d45c48ce39777c0b6229949c14df18b4200b59a581ff642b30f16dfbdab09a_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:50e5ed85ca682a6fefba0fa0138ef2aedf845fd2457c5beaf25a100f814b56c7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ae3beff03ea771b020631e5bc7e778c84e8a0cdeffb10af5d3f8f6409b85206d_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:40f40b8b068f72525ffd293d13d24acd5172c000691cbedd7e398202872bef1c_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7015daf9e74ca4bfece7ddbc1766a18d401fd0f90cd4a9b93d6c397cabd9c35f_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9a33d18d2482eeb76a7ebd10404e54d5556cdf98d0f4fdbf54facda4ce3a8fbf_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:eaaccb1bf78df88abc6f2b16d440b24773240701aa6fef039e776e82481bc159_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:23257a094ce3fd6ec95bae0d8185ad7e17a5bf838bfc81a50375207e9a309c2d_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3ca7c5243b014d9924fd98aa03756e52839c4ba80843b1a08563509bf98d06d8_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:5684e84fb340fed6333e2f41a2a4aaa4612aaf77bb2403bf17f117d5177ad389_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ef9ab6a6c108014df3a755c4b8b72eb9dce20a13e287ecb139100188b4d8678a_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f00ee1b029961c307f294d3265699cacb16a9e055e65acabcd996b8ab479ee49_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2385f2106783290403877b812edea67f861f3ebcc3b6990b070b62e94fc6dbdf_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:555317d71a6322173962d8fc912421edd6d79cd39c55d8cc9a36d1b635f9e099_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b381c0445928f2bdbdc4ca276b78c16ae1a6e19fca4d66a4d972c323c70570bb_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f977fd5abad71842f5e0e8b805ad4a1003b8dd466a39c314b2a5b9b125e567e1_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:204d15ed8b8bd170daba79fbd99861c61776df5069d2288c64781993daaca2f0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2ca3bffba0b8f40fafcdeef1ce73da401175b3ce3893ac176f7f0ce7e9c95ac1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:42422f5a7654c8897d554844ee2923c58ac3ebf3b23d9c11a582537e67541c99_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e469542b539575c40b1dd916f0ff1d811c5219fc42cc986f2b67a4b58661b4a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:09219031e9c23053aea4a582d12f8feba24acceac0d4525e3a407239492a8810_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:4db6e30d909f0c9605e51f4057284264bcad79a959428ad219b142af21e267e2_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:861d0a488fbced512a91df6e75ae6fd14fbefdeab4b7096b7e43f6f10c35de5c_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:df991997aaf4a8ca43f4938becd43520acd11de06ab101083c0a33486886f3aa_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1b0467f4bdad9faed783036e6229b56a50111973063bcf4aaf3a602c8eeabe62_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:36d45c48ce39777c0b6229949c14df18b4200b59a581ff642b30f16dfbdab09a_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:50e5ed85ca682a6fefba0fa0138ef2aedf845fd2457c5beaf25a100f814b56c7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ae3beff03ea771b020631e5bc7e778c84e8a0cdeffb10af5d3f8f6409b85206d_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:40f40b8b068f72525ffd293d13d24acd5172c000691cbedd7e398202872bef1c_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7015daf9e74ca4bfece7ddbc1766a18d401fd0f90cd4a9b93d6c397cabd9c35f_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9a33d18d2482eeb76a7ebd10404e54d5556cdf98d0f4fdbf54facda4ce3a8fbf_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:eaaccb1bf78df88abc6f2b16d440b24773240701aa6fef039e776e82481bc159_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:23257a094ce3fd6ec95bae0d8185ad7e17a5bf838bfc81a50375207e9a309c2d_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3ca7c5243b014d9924fd98aa03756e52839c4ba80843b1a08563509bf98d06d8_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:5684e84fb340fed6333e2f41a2a4aaa4612aaf77bb2403bf17f117d5177ad389_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ef9ab6a6c108014df3a755c4b8b72eb9dce20a13e287ecb139100188b4d8678a_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f00ee1b029961c307f294d3265699cacb16a9e055e65acabcd996b8ab479ee49_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: no-op interface conversion bypasses overlap checking"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:204d15ed8b8bd170daba79fbd99861c61776df5069d2288c64781993daaca2f0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2ca3bffba0b8f40fafcdeef1ce73da401175b3ce3893ac176f7f0ce7e9c95ac1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:42422f5a7654c8897d554844ee2923c58ac3ebf3b23d9c11a582537e67541c99_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e469542b539575c40b1dd916f0ff1d811c5219fc42cc986f2b67a4b58661b4a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1b0467f4bdad9faed783036e6229b56a50111973063bcf4aaf3a602c8eeabe62_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:36d45c48ce39777c0b6229949c14df18b4200b59a581ff642b30f16dfbdab09a_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:50e5ed85ca682a6fefba0fa0138ef2aedf845fd2457c5beaf25a100f814b56c7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ae3beff03ea771b020631e5bc7e778c84e8a0cdeffb10af5d3f8f6409b85206d_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:23257a094ce3fd6ec95bae0d8185ad7e17a5bf838bfc81a50375207e9a309c2d_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3ca7c5243b014d9924fd98aa03756e52839c4ba80843b1a08563509bf98d06d8_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:5684e84fb340fed6333e2f41a2a4aaa4612aaf77bb2403bf17f117d5177ad389_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ef9ab6a6c108014df3a755c4b8b72eb9dce20a13e287ecb139100188b4d8678a_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f00ee1b029961c307f294d3265699cacb16a9e055e65acabcd996b8ab479ee49_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2385f2106783290403877b812edea67f861f3ebcc3b6990b070b62e94fc6dbdf_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:555317d71a6322173962d8fc912421edd6d79cd39c55d8cc9a36d1b635f9e099_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b381c0445928f2bdbdc4ca276b78c16ae1a6e19fca4d66a4d972c323c70570bb_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f977fd5abad71842f5e0e8b805ad4a1003b8dd466a39c314b2a5b9b125e567e1_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:09219031e9c23053aea4a582d12f8feba24acceac0d4525e3a407239492a8810_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:4db6e30d909f0c9605e51f4057284264bcad79a959428ad219b142af21e267e2_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:861d0a488fbced512a91df6e75ae6fd14fbefdeab4b7096b7e43f6f10c35de5c_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:df991997aaf4a8ca43f4938becd43520acd11de06ab101083c0a33486886f3aa_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:40f40b8b068f72525ffd293d13d24acd5172c000691cbedd7e398202872bef1c_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7015daf9e74ca4bfece7ddbc1766a18d401fd0f90cd4a9b93d6c397cabd9c35f_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9a33d18d2482eeb76a7ebd10404e54d5556cdf98d0f4fdbf54facda4ce3a8fbf_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:eaaccb1bf78df88abc6f2b16d440b24773240701aa6fef039e776e82481bc159_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:204d15ed8b8bd170daba79fbd99861c61776df5069d2288c64781993daaca2f0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2ca3bffba0b8f40fafcdeef1ce73da401175b3ce3893ac176f7f0ce7e9c95ac1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:42422f5a7654c8897d554844ee2923c58ac3ebf3b23d9c11a582537e67541c99_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e469542b539575c40b1dd916f0ff1d811c5219fc42cc986f2b67a4b58661b4a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1b0467f4bdad9faed783036e6229b56a50111973063bcf4aaf3a602c8eeabe62_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:36d45c48ce39777c0b6229949c14df18b4200b59a581ff642b30f16dfbdab09a_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:50e5ed85ca682a6fefba0fa0138ef2aedf845fd2457c5beaf25a100f814b56c7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ae3beff03ea771b020631e5bc7e778c84e8a0cdeffb10af5d3f8f6409b85206d_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:23257a094ce3fd6ec95bae0d8185ad7e17a5bf838bfc81a50375207e9a309c2d_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3ca7c5243b014d9924fd98aa03756e52839c4ba80843b1a08563509bf98d06d8_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:5684e84fb340fed6333e2f41a2a4aaa4612aaf77bb2403bf17f117d5177ad389_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ef9ab6a6c108014df3a755c4b8b72eb9dce20a13e287ecb139100188b4d8678a_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f00ee1b029961c307f294d3265699cacb16a9e055e65acabcd996b8ab479ee49_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:15:57+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.3.3 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2385f2106783290403877b812edea67f861f3ebcc3b6990b070b62e94fc6dbdf_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:555317d71a6322173962d8fc912421edd6d79cd39c55d8cc9a36d1b635f9e099_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b381c0445928f2bdbdc4ca276b78c16ae1a6e19fca4d66a4d972c323c70570bb_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f977fd5abad71842f5e0e8b805ad4a1003b8dd466a39c314b2a5b9b125e567e1_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:09219031e9c23053aea4a582d12f8feba24acceac0d4525e3a407239492a8810_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:4db6e30d909f0c9605e51f4057284264bcad79a959428ad219b142af21e267e2_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:861d0a488fbced512a91df6e75ae6fd14fbefdeab4b7096b7e43f6f10c35de5c_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:df991997aaf4a8ca43f4938becd43520acd11de06ab101083c0a33486886f3aa_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:40f40b8b068f72525ffd293d13d24acd5172c000691cbedd7e398202872bef1c_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7015daf9e74ca4bfece7ddbc1766a18d401fd0f90cd4a9b93d6c397cabd9c35f_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9a33d18d2482eeb76a7ebd10404e54d5556cdf98d0f4fdbf54facda4ce3a8fbf_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:eaaccb1bf78df88abc6f2b16d440b24773240701aa6fef039e776e82481bc159_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16537"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2385f2106783290403877b812edea67f861f3ebcc3b6990b070b62e94fc6dbdf_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:555317d71a6322173962d8fc912421edd6d79cd39c55d8cc9a36d1b635f9e099_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b381c0445928f2bdbdc4ca276b78c16ae1a6e19fca4d66a4d972c323c70570bb_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f977fd5abad71842f5e0e8b805ad4a1003b8dd466a39c314b2a5b9b125e567e1_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:204d15ed8b8bd170daba79fbd99861c61776df5069d2288c64781993daaca2f0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2ca3bffba0b8f40fafcdeef1ce73da401175b3ce3893ac176f7f0ce7e9c95ac1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:42422f5a7654c8897d554844ee2923c58ac3ebf3b23d9c11a582537e67541c99_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e469542b539575c40b1dd916f0ff1d811c5219fc42cc986f2b67a4b58661b4a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:09219031e9c23053aea4a582d12f8feba24acceac0d4525e3a407239492a8810_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:4db6e30d909f0c9605e51f4057284264bcad79a959428ad219b142af21e267e2_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:861d0a488fbced512a91df6e75ae6fd14fbefdeab4b7096b7e43f6f10c35de5c_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:df991997aaf4a8ca43f4938becd43520acd11de06ab101083c0a33486886f3aa_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1b0467f4bdad9faed783036e6229b56a50111973063bcf4aaf3a602c8eeabe62_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:36d45c48ce39777c0b6229949c14df18b4200b59a581ff642b30f16dfbdab09a_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:50e5ed85ca682a6fefba0fa0138ef2aedf845fd2457c5beaf25a100f814b56c7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ae3beff03ea771b020631e5bc7e778c84e8a0cdeffb10af5d3f8f6409b85206d_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:40f40b8b068f72525ffd293d13d24acd5172c000691cbedd7e398202872bef1c_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7015daf9e74ca4bfece7ddbc1766a18d401fd0f90cd4a9b93d6c397cabd9c35f_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9a33d18d2482eeb76a7ebd10404e54d5556cdf98d0f4fdbf54facda4ce3a8fbf_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:eaaccb1bf78df88abc6f2b16d440b24773240701aa6fef039e776e82481bc159_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:23257a094ce3fd6ec95bae0d8185ad7e17a5bf838bfc81a50375207e9a309c2d_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3ca7c5243b014d9924fd98aa03756e52839c4ba80843b1a08563509bf98d06d8_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:5684e84fb340fed6333e2f41a2a4aaa4612aaf77bb2403bf17f117d5177ad389_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ef9ab6a6c108014df3a755c4b8b72eb9dce20a13e287ecb139100188b4d8678a_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f00ee1b029961c307f294d3265699cacb16a9e055e65acabcd996b8ab479ee49_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
}
]
}
RHSA-2026:16542
Vulnerability from csaf_redhat - Published: 2026-05-12 21:26 - Updated: 2026-06-23 17:45

A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x | — | | Vendor Fix |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x | — |
A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x | — | | Vendor Fix |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x | — |
A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x | — | | Vendor Fix |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x | — | ||
A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x | — | | Vendor Fix, Workaround |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64 | — | | Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64 | — | | Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64 | — | | Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le | — | | Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x | — | | Workaround |
A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. The `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash with a RangeError, potentially resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x | — | ||
A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x | — | ||
A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x | — | ||
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x | — | | Vendor Fix, Workaround |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64 | — | | Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64 | — | | Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64 | — | | Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le | — | | Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x | — | | Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 2.22.3 for Red Hat OpenShift Service Mesh 3.3 is now available.\nAn update is now available for Red Hat OpenShift Service Mesh 3.3. This advisory contains the RPM packages for the Kiali component.\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 2.22.3, for Red Hat OpenShift Service Mesh 3.3, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.\n\nSecurity Fix(es):\n\n* CVE-2026-32280 Go: Denial of Service vulnerability in certificate chain building (OSSM-13286)\n* CVE-2026-40895 follow-redirects: Information disclosure via cross-domain redirects (OSSM-13557, OSSM-13561)\n* CVE-2026-42033 Axios: HTTP Transport Hijacking via Prototype Pollution (OSSM-13694, OSSM-13698)\n* CVE-2026-42035 Axios: Arbitrary HTTP header injection via prototype pollution (OSSM-13606, OSSM-13607)\n* CVE-2026-42043 Axios: NO_PROXY bypass via crafted URL (OSSM-13716, OSSM-13720)\n* CVE-2026-42039 Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data (OSSM-13730, OSSM-13734)\n* CVE-2026-42041 Axios: Authentication bypass due to prototype pollution of HTTP error handling (OSSM-13744, OSSM-13748)\n* CVE-2026-42044 Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget (OSSM-13786, OSSM-13787)\n\nBug Fix(es):\n\n* OSSM-13773 OSSMC MTLS icon is not working\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:16542",
"url": "https://access.redhat.com/errata/RHSA-2026:16542"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40895",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42033",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42035",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42039",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42041",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42043",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_16542.json"
}
],
"title": "Red Hat Security Advisory: Kiali 2.22.3 for Red Hat OpenShift Service Mesh 3.3",
"tracking": {
"current_release_date": "2026-06-23T17:45:54+00:00",
"generator": {
"date": "2026-06-23T17:45:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:16542",
"initial_release_date": "2026-05-12T21:26:48+00:00",
"revision_history": [
{
"date": "2026-05-12T21:26:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-12T21:26:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-23T17:45:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.3",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.3::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163986"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-operator-bundle@sha256%3Af2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778193757"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9-operator@sha256%3A84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163701"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Ae19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163785"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163986"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9-operator@sha256%3Aa1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163701"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Aa8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163785"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Aaba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163986"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9-operator@sha256%3Aa85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163701"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163785"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Ad39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163986"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9-operator@sha256%3Adddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163701"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Aa2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163785"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:26:48+00:00",
"details": "See Kiali 2.22.3 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16542"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-40895",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2026-04-21T21:02:33.280553+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460297"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "RHBZ#2460297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460297"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40895",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40895"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653"
}
],
"release_date": "2026-04-21T19:59:59.759000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:26:48+00:00",
"details": "See Kiali 2.22.3 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16542"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects"
},
{
"cve": "CVE-2026-42033",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:20.937507+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461607"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "RHBZ#2461607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"
}
],
"release_date": "2026-04-24T17:36:44.132000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:26:48+00:00",
"details": "See Kiali 2.22.3 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16542"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution"
},
{
"cve": "CVE-2026-42035",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:17.109481+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application\u0027s core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Arbitrary HTTP header injection via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "RHBZ#2461606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"
}
],
"release_date": "2026-04-24T17:38:07.752000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:26:48+00:00",
"details": "See Kiali 2.22.3 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16542"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios: Arbitrary HTTP header injection via prototype pollution"
},
{
"cve": "CVE-2026-42039",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T19:01:44.887156+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "RHBZ#2461630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"
}
],
"release_date": "2026-04-24T18:01:30.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:26:48+00:00",
"details": "See Kiali 2.22.3 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16542"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data"
},
{
"cve": "CVE-2026-42041",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:41.034289+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "RHBZ#2461629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63",
"url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
}
],
"release_date": "2026-04-24T17:55:30.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:26:48+00:00",
"details": "See Kiali 2.22.3 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16542"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling"
},
{
"cve": "CVE-2026-42043",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-04-24T19:01:22.552379+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461626"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: NO_PROXY bypass via crafted URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "RHBZ#2461626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
}
],
"release_date": "2026-04-24T17:54:42.668000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:26:48+00:00",
"details": "See Kiali 2.22.3 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16542"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: NO_PROXY bypass via crafted URL"
},
{
"cve": "CVE-2026-42044",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:13.418725+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "RHBZ#2461624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"release_date": "2026-04-24T17:49:49.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:26:48+00:00",
"details": "See Kiali 2.22.3 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16542"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:f2a866a31810c6bc52d68ab3d5d3f8dd44ccf998a6453f658835927eedd33297_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4fcc3d48a763c1cc51b2cd253a4862c7bf99cd614163ef2f80d5a2f8968066a1_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a2653de5f3faf7d7841393935e7ac5854dcb142c6dcf4342bd3780ca0a2c49a7_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a8aa325e131bbf968e1d1d73703a127c442748633b0cf3122dc4589ee166bb45_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e19802cc2f5e1bbbd60343303fbd0c0ac2f35e45da3911f2e0b379e5eed437ff_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:84019963d8034b33331e015389e8c76b4c58ffe83fb6613b548af3218b4b7ffc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a1e557b983f7579cb3a402bfae03e9015c176240842ac51d67a83f301b77b4fd_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a85ccd92fc8328805bce9266f3b7356406bff3583d20c9f0307e2f32d8134efc_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:dddf652e126cf6c782f64b4999dd560c93e4877f89e7c5b20cbedd75ff468f26_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:090606c29b60475f35670aaa1147e584eb8533c0506ec81a96fae7fcbe3187c1_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:78f6df0632a9a6bf00ee1b60447d24ba2e5d7c2114e410380b7344201bc4fc5b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:aba022fa90760e6af6aeb71ef239682e874a53128744ca6f1a44781d3b82a56f_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d39dd709dbe62218720d56bda7c8c2441f9dc3b2acfae27307b50b86c16a866e_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.